Archive - CodeAIntel

The Install Command Was the Attack: How “InstallFix” Is Weaponizing Claude Code’s Popularity

Attackers built pixel-perfect clones of Claude Code’s installation page and bought their way to the top of Google Search. The install command you copied…

Mar 11 • Tom

February 2026

APT37's "Ruby Jumper" Uses USB Drives to Breach Networks That Were Never Online

North Korea's elite hacking group built a five-tool malware framework specifically engineered to cross the one boundary the internet can't reach — the…

Feb 27 • Tom

$4 Million, 8 Zero-Days, One Traitor: How a Defense Contractor Sold America's Cyber Weapons to Russia

Peter Williams didn't hack anything. He didn't need to. He already had the keys — and he auctioned them off to the highest bidder wearing a Russian…

Feb 26 • Tom

Google's Tensor Secrets Were in Tehran: The Insider Threat That Slipped Past Silicon Valley

Three engineers. Hundreds of files. One family scheme. And trade secrets about Google's most sensitive chip technology — photographed and carried to…

Feb 20 • Tom

PayPal’s Silent Six Months: The Breach That Hid in the Code

A software error, a loan app, and Social Security numbers sitting exposed for 165 days. PayPal had a problem — and its customers were the last to know.

Feb 20 • Tom

Operation Red Card 2.0: The $45 Million Takedown of Africa’s Cyber Syndicate

The industrialized scale of modern cybercrime just met the industrialized scale of international law enforcement.

Feb 19 • Tom

Blockchain Fortress, Human Gatekeeper: How Figure Tech Lost 1 Million IDs to a Phone Call

The promise of blockchain is immutable security. The reality of fintech is that a single employee login is worth more than all the cryptography in the…

Feb 18 • Tom

How a Trojanized Oura Server Infiltrated AI Ecosystems

Your biometric data isn't the only thing the Oura ring can connect to anymore—now, it might be the gateway for an infostealer.

Feb 17 • Tom

ZeroDayRAT: The Nation-State Toolkit Now Available to the Highest (Telegram) Bidder

The barrier to entry for total mobile domination just hit zero.

Feb 16 • Tom

How 2,420 Russian Starlink Terminals Just Became Digital Targets

It wasn't a missile that blinded the Russian drone teams in Zaporizhzhia this week. It was a QR code and a Telegram bot.

Feb 14 • Tom

Adversaries Are Now Cloning High-End AI Reasoning

In mid-February 2026, Google Threat Intelligence Group confirmed a dangerous shift: attackers aren't just using AI tools; they are stealing the…

Feb 12 • Tom

When the Zoom Call Is the Malware: UNC1069 and the Industrialization of AI-Driven Trust Exploitation

We’ve crossed the line where AI is merely assisting phishing, and entered a phase where AI is embedded inside the social engineering infrastructure…

Feb 11 • Tom

#nojs-banner { position: fixed; bottom: 0; left: 0; padding: 16px 16px 16px 32px; width: 100%; box-sizing: border-box; background: red; color: white; font-family: -apple-system, "Segoe UI", Roboto, Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 13px; line-height: 13px; } #nojs-banner a { color: inherit; text-decoration: underline; } This site requires JavaScript to run correctly. Please turn on JavaScript or unblock scripts