GhostWriter, a state-sponsored threat actor, is conducting phishing attacks targeting personal Gmail accounts of Polish users. The campaign aims to compromise individual Gmail users, demonstrating espionage interest in this service. Attacks show signs of operational security issues, with some phishing emails misdirected to unrelated individuals with similar names.
Gmail
Recent threats
A phishing campaign is targeting cryptocurrency users with emails that impersonate legitimate Google security alerts, leveraging Google account recovery wording such as "recovery contact request" and "review request" to create urgency. Reporting indicates the messages can appear to arrive through genuine Google systems rather than obviously suspicious senders, increasing their credibility. Attackers also use oversized blank space and hidden formatting in the email body to push malicious links below the initially visible content, helping them evade casual inspection. Linked landing pages are designed to harvest passwords, session cookies, and two-factor authentication codes, enabling rapid takeover of exchange accounts and wallets. Binance reported blocking 22.9 million phishing and scam attempts in Q1 2026, indicating the broader scale of activity into which this campaign fits. Gmail users, particularly those holding crypto assets, should treat unsolicited Google security or account-recovery emails with caution and verify any alerts directly in account settings.
Security researchers at LayerX disclosed a vulnerability in Anthropic's "Claude in Chrome" browser extension that lets any other installed Chrome extension — even one with no declared permissions — hijack the Claude AI assistant and use its authenticated session to read, forward, and delete the victim's Gmail messages, as well as access Google Drive and GitHub data. The root cause is a trust boundary flaw in the extension's externally_connectable handler, which validates only the origin (claude.ai) and not the script's execution context, allowing injected scripts to issue privileged commands. Researchers bypassed Claude's user-confirmation guardrails via approval looping and DOM-based perception manipulation, requiring no user interaction. LayerX reported the issue to Anthropic on April 27, 2026; Anthropic shipped version 1.0.70 on May 6, 2026 adding explicit approval flows, but researchers say the patch is incomplete and the flaw remains exploitable when the extension runs in privileged "Act without asking" mode or via the side-panel initialization flow. Gmail users who have installed the Claude in Chrome extension should update to the latest version, avoid privileged/auto-act mode, and audit other installed Chrome extensions.