threat actors

Sysdig caught a threat actor using a misconfigured Ollama instance as the reasoning engine for an automated offensive pentesting framework — a significant escalation from credential theft to weaponised AI infrastructure.

Sophos researchers uncovered an operational threat actor lab using Claude Opus 4.5, Cursor, and MCP to build and test EDR evasion malware against live Sophos, CrowdStrike, and Microsoft Defender installations.