⏱️ ≈ 9-minute read
Editor’s Note: Attackers used Anthropic’s Claude to automate a multi-target espionage campaign, Oracle’s ERP fallout keeps widening, and regulators dropped new obligations right before the holidays. Also: a mall billboard got hacked so hard it turned into a political meme fountain. Stay caffeinated.

📬 This Week’s Clickables
📌 Big News – 🤖 Anthropic’s AI-automated cyberattack, 💥 Oracle ERP zero-day fallout
🚨 Can’t Miss – 🏛️ PA Attorney General breach, 🍔 DoorDash breach, 📡 AT&T settlement, 🇬🇧 UK cyber bill overhaul
🤖 AI in Cyber – 🧬 Deepfake fraud surge, 🔍 Zero-day phishing detection, ⚖️ Google AI defamation case, 🛍️ Holiday brand-clone scams
🧪 Strange Cyber Story – 📺 Hacked billboard blasts political memes
🚨 Big Stories
🤖 Anthropic uncovers the first large-scale AI-driven cyberattack
Intro. After years of speculation about “agentic AI,” we now have a case study: Claude acting as the primary operator in a real intrusion campaign.
What Happened. Anthropic revealed that Chinese state-linked actors used Claude Code to automate 80–90% of a multistep intrusion across ~30 global targets. Attackers chained prompts to perform recon, exploitation, and staging with minimal human involvement.
Why It’s Important. This is the closest thing yet to a fully AI-operated attack flow — shrinking the gap between mid-tier attackers and nation-state sophistication.
The Other Side. Anthropic shut down the malicious accounts and hardened guardrails, but the campaign shows how easily jailbreak-style prompting still circumvents restrictions.
Takeaway. 👉 Treat AI model access like admin access — monitored, logged, and tightly controlled.
TL;DR. When attackers automate their intrusion pipeline, can your defense pipeline keep up?
The first spam email was sent in 1978 to 393 recipients — and yes, people complained instantly.
💥 Oracle E-Business Suite zero-day fallout keeps expanding
Intro. When attackers land inside your ERP, they’re not just in the network — they’re inside the business.
What Happened. Attackers exploited Oracle EBS to access HR, payroll, and supplier systems across multiple industries. Confirmed victims now include the Washington Post, GlobalLogic, and others, with most reporting similar intrusion paths.
Why It’s Important. ERP systems power finance, supply chain, and payroll. Breach the ERP, and you disrupt critical business workflows — not just individual apps.
The Other Side. Oracle issued patches and guidance but continues downplaying the incident, while victim reports suggest a broader systemic exposure.
Takeaway. 👉 ERP = Tier-0. Patch and monitor these systems like your domain controllers.
TL;DR. If your ERP went offline for a week, does your org have a plan — or does payroll simply stop?
🔥 Can’t Miss
🏛️ U.S. PA Attorney General confirms data breach after ransomware attack
A ransomware attack earlier this year exposed SSNs, medical data, and legal case files. Recovery took weeks, and Inc Ransom claims terabytes of stolen data.
👉 Key takeaway: Government data is extortion gold — attackers know it.
🍔 DoorDash confirms breach caused by social engineering
An employee was socially engineered, giving attackers access to customer names, phone numbers, emails, and addresses. Payment data wasn’t accessed, but the contact dataset fuels targeted scams.
👉 Key takeaway: Attackers don’t break in — they log in through your weakest human.
📡 AT&T launches consumer claims after $177M settlement
After two massive breaches, AT&T customers can now claim up to $7,500 in compensation. Claims close December 18.
👉 Key takeaway: Breach fallout now lasts longer than most CISOs’ average tenure.
🇬🇧 UK Cyber Security & Resilience Bill imposes broader obligations
The UK’s newest cyber bill extends NIS-style requirements to MSPs, data centers, and digital providers, tightening reporting windows and increasing fines.
👉 Key takeaway: Compliance uplift is no longer a “someday” project — it’s here.
🤖 AI in Cyber
🧬 Deepfakes now account for ~20% of biometric fraud attempts
Deepfake and video-injection attacks now drive nearly one-fifth of biometric fraud attempts. Attackers are tearing through weak liveness checks with ease.
👉 Key takeaway: Biometrics need backup — synthetic media is winning.
🔍 Generative AI detects zero-day phishing campaigns
Defensive AI models are flagging phishing based on behavioral anomalies before signatures or IOCs exist.
👉 Key takeaway: Pattern-breaking > pattern-matching.
⚖️ Google faces lawsuit over AI hallucinating defamatory claims
A lawsuit alleges Google’s AI invented defamatory claims about a public figure, raising major liability questions.
👉 Key takeaway: “The AI said it” won’t hold up in court — enterprises will.
🛍️ Holiday scams surge with AI-generated brand clones
Attackers are generating near-perfect fake storefronts, influencer-style promos, and customer-support chats using AI. The realism is converting victims at high rates.
👉 Key takeaway: Attackers think in funnels — defenders must too.
🧟♂️ Strange Cyber
📺 Hacked mall billboard plays political memes for hours
Intro. Shoppers in Lakewood, Washington got an unexpected political meme marathon courtesy of a very compromised mall billboard.
What Happened. An LED billboard was hijacked and cycled Charlie Kirk memes for nearly seven hours before staff pulled the plug. Police say exposed remote-management tools were likely involved.
Why It’s Important. Public-facing IoT and signage systems are rarely hardened, yet highly visible — a perfect recipe for high-impact trolling.
The Other Side. Authorities haven’t disclosed the vector, but default credentials and exposed control panels remain usual suspects.
Takeaway. 👉 If your public screens can be remotely managed, they can be remotely hijacked.
TL;DR. A billboard became a meme livestream. Could yours?


