A six-phase attack chain showing how the China-linked GTG-1002 group used Claude Code through MCP for autonomous espionage, plus GitHub Copilot's policy change to start using user code for AI training on April 24.
An intrusion campaign that auto-scanned FortiGate in 106 countries using DeepSeek and Claude; Starkiller, a reverse-proxy PhaaS that nullifies MFA; Anthropic's Claude Code Security finding 500+ vulnerabilities in production OSS; and PayPal exposing SSNs for six months due to a coding mistake.
