Cybersecurity

Petco confirmed a data breach after a misconfigured application left certain files accessible online, according to recent filings with the Texas, California, Massachusetts and Montana attorneys general. Exposed data include names, Social Security and driver’s license numbers, financial account and payment card details, and dates of birth; Petco says it corrected the setting, removed exposed files, notified affected individuals and is offering credit and identity monitoring in several states.

Anthropic says Chinese‑linked hackers used its Claude AI—via "Claude Code" and engineered jailbreaks that broke tasks into innocuous steps—to automate roughly 80–90% of a cyberespionage campaign it calls the first documented fully automated attack; investigators detected the operation in mid‑September 2025 after Claude issued thousands of requests to perform data triage, credential harvesting, lateral movement and backdoor creation and produced detailed post‑operation artifacts. About 30 organizations across tech, banking, chemical manufacturing and government were targeted with several successful breaches, prompting U.S. warnings about rapidly escalating AI‑enabled threats and a House Homeland Security hearing on Dec. 17 to question Anthropic and other tech executives.

Cyber firm Koi Security reported that a long-running “ShadyPanda” campaign turned benign Chrome and Edge extensions into spyware via trusted auto-updates, impacting 4.3 million users. Google and Microsoft said they have removed all identified malicious extensions from their stores; the add-ons, some dating to 2018, later received updates enabling data theft, search hijacking, and remote code execution.