When Anthropic turned its San Francisco office into a live, classified marketplace in December 2025, it wasn’t testing a new website so much as an idea: could autonomous Claude AI agents not only list items but negotiate and close real, multi-turn deals with zero human intervention? The answer, in the company’s “Project Deal” experiment, was a clear yes — and
Latest Articles
Cloudflare
Agents, Stripe Projects, and zero-friction Cloudflare provisioning
Agents can now take a project from idea to live production on Cloudflare without a human manually opening a dashboard, entering card details, or copying API keys. In partnership with Stripe’s new Projects flow, Cloudflare built a protocol that lets an orchestrator platform (like Stripe Projects) attest to a signed‑in user’s identity, provide a payment token, and expose a catalog of available services. An agent using that catalog can provision a Cloudflare account, start paid subscriptions, register domains, and receive…
Continue readingPhantomRPC: New Windows RPC Vulnerability Lets Attackers Escalate Privileges Across All Windows Versions
PhantomRPC is an architectural weakness in the Windows Remote Procedure Call (RPC) runtime that allows low-privileged processes to escalate to SYSTEM or Administrator by impersonating privileged clients. Disclosed by Kaspersky’s Haidar Kabibo at Black Hat Asia 2026, the flaw stems from how rpcrt4.dll handles connections to unavailable RPC servers: when a privileged process attempts an RPC call to a server
Pastebin-Hosted PowerShell Script Hijacks Telegram Sessions: What Happened and How to Respond
Security researchers recently uncovered a PowerShell script posted on Pastebin that was purpose-built to steal Telegram session data from both desktop and web clients. Masquerading as a benign “Windows Telemetry Update,” the script quietly collects host metadata, locates Telegram session stores, compresses them into an archive, and exfiltrates the file to an attacker-controlled Telegram bot. The discovery is notable less
DeepSeek V4: a cheaper, larger LLM that narrows the gap with frontier models
Chinese lab DeepSeek has released preview details for DeepSeek V4, a major update the company says brings its models much closer to so-called frontier systems. The announcement introduces two variants — V4 Flash and V4 Pro — and highlights big increases in scale, a 1 million-token context window, and aggressive pricing that positions the models as lower-cost alternatives to high-end
CISA: Zimbra XSS (CVE-2025-48700) Now Exploited — 10,500+ Servers Vulnerable
Over 10,000 instances of the Zimbra Collaboration Suite are exposed online and remain vulnerable to an actively exploited cross-site scripting flaw, raising fresh alarms about email server security for governments and businesses alike. The vulnerability, tracked as CVE-2025-48700, is serious because it can be triggered without user interaction and has been confirmed as abused in the wild, prompting action from
Hackers Leverage Microsoft Teams to Breach Organizations: Inside UNC6692’s SNOW Campaign
In late 2025 and into early 2026, a sophisticated intrusion campaign used the everyday familiarity of Microsoft Teams to turn routine collaboration into a direct route for enterprise compromise. By posing as IT helpdesk staff and exploiting users’ trust in external Teams invitations, the threat group tracked as UNC6692 moved from a simple chat message to full domain-level access—without exploiting