ThreatsDay Bulletin: Claude Chat Abuse, NastyC2 npm Packages, Device-Code Phishing + 25 More Stories

The internet did not break this week. It got used exactly as designed, which is worse. Searches were siphoned through shady browser add-ons. AI chat links turned into malware delivery paths. macOS attacks ran in memory and left almost nothing behind. Cloud agents looked like helpers until attackers treated them like open shells. Add exposed edge gear, poisoned packages, cash courier scams,

The article describes how attackers are abusing AI chat links (including Claude chats) as part of broader infection chains, turning otherwise legitimate conversational interfaces into malware delivery or social engineering paths. It also covers related threats like malicious browser extensions, in‑memory macOS implants, cloud agent abuse, and poisoned open‑source packages. From a CyberSE.AI perspective, this highlights that AI chat interfaces and agent-like integrations are now being treated as exploitable surfaces, requiring continuous adversarial testing of how links, files, and instructions are processed by AI systems in real-world workflows. Organizations should subject their AI chat and agent deployments to ongoing red teaming to uncover prompt- and link-based abuse paths, and harden surrounding controls (browsers, identity, package supply chain) that attackers can chain with AI-centric vectors.