Intrucept

Claude’s Chatbot Going Ethical; Adopt AI Dynamically to Distinguish in a Competitive Market

Anthropic’s business strategy emphasizes rigorous safety and value alignment

Anthropic’s team meets Church Leaders to build in ethical thinking into machine so it’s able to adapt dynamically and hosted about 15 Christian leaders from Catholic and Protestant churches, academia, and the business world” for a two-day summit.

Claude seemed ethical, cautious and some how more “human” than any other AI when Anthropic released Claude Constitution.

As per reports leaders have suggested that tools like chatbots already raise profound philosophical and moral questions and many in tech space say lack’s evidence to back up.

Anthropic chief executive Dario Amodei has said he is open to the idea that Claude may already have some form of consciousness, and company leaders frequently talk about the need to give it a moral character.

Anthropic staff now seeking advice on how to steer Claude’s moral and spiritual development as the chatbot reacts to complex and unpredictable ethical queries. As per reports the discussions covered how the chatbot should respond to users who are grieving loved ones and whether Claude could be considered a “child of God.”

Anthropic’s positioning of Claude Dynamically

If we go through Anthropic’s positioning of Claude, which is termed as the safer choice for enterprises, as the approach is “Constitutional AI” and includes products like Claude Code that is popular with enterprises but how far is AI ethic’s followed as a practice.

Claude is focused towards automating coding and research tasks while ensuring AI rollouts don’t risk company operations and acts as the core guide during Claude’s training and reasoning process.

This assisted the model to navigate tricky situations while staying aligned with Anthropic’s goals.

The meeting with Church leaders is a strategy to place Anthropic in a secured atmosphere were in adapting to ethical AI will strengthen their customer trust.

May be such a step will reflect in trends towards integrating broader ethical questions into technology in near future. We may someday see set of templates for AI ethics integration across industries and enterprises.

Integrating complex Human Values in AI

One of the question that arises, why meeting church leaders; Is it to deeply understanding the moral and spiritual dimensions of AI.
Will we witness a significant step in having AI systems that have complex human values and ethical decision‑making capabilities?
Or it is complex regulations that such initiatives are necessary to re-evaluate AI policies and standards.
The participants, comprising leading Christian theologians and scholars, explored how certain virtues like honesty, wisdom and humility could be dynamically integrated into Claude’s framework.
May be step taken by Anthropic is paving the way for society to view AI differently, not as a functional tools but in future we can trust AI like companions or advisors who are spiritual and ethical.

More on the summit at below link:

Source: ‘How Do We Make Sure That Claude Behaves Itself?’: Anthropic Invited 15 Christians for a Summit

Open Source Developers are Targeted in an active Social Engineering Campaign via Slack

Threat Actors impersonating as Linux Foundation leader in an active social engineering campaign targeting open source developers via Slack.

Now, a fresh Open Source Security Foundation (OpenSSF) advisory warns unknown attackers are using a similar approach to target other open source developers.

The human connection has been leveraged to target software.

The attackers interacted via Slack or social media platform LinkedIn, posing as company owners/representatives, job recruiters, or podcast hosts, and tried to lure developers into downloading malware mimicking as a videoconferencing software update, a type of phishing campaign.

Key facts

Attackers impersonated a Linux Foundation leader in Slack to target open source developers.
Victims were tricked into entering credentials and installing a malicious “Google certificate.”
The phishing campaign used AI-themed lures and legitimate services like Google Sites to appear credible.
Attack techniques varied by operating system, enabling interception of encrypted traffic on both macOS and Windows.
Security experts urge developers to verify identities and avoid installing unsolicited certificates or running unknown scripts.

Crafting of attack via social engineering

First step, attackers began with a scheming social engineering ploy

They joined Slack workspaces linked to the Linux Foundation’s TODO Group and then imitated a trusted community figure and sent direct messages to developers which looked like any legitimate invite – complete with a Google Sites link, fake email address and exclusive “access key” – to test a purported AI tool for predicting open source contribution acceptance.

Second step, once a victim clicked, they landed on a phishing page impersonating a Slack workspace invitation, prompting them to enter their email and a verification code. Instructions came in form to install what was described as a “Google certificate” from attackers side.

This was basically a malicious root certificate that allowed attackers the ability to intercept and read encrypted traffic – a devastating breach of privacy and security.

The attack module is sophisticated did not end there.

Consecutively on macOS, a script silently downloaded and executed a binary called “gapi,” potentially opening the door to full system compromise.

Windows users faced a browser-based certificate installation, equally effective at undermining secure communications. The attackers’ use of trusted infrastructure such as Google Sites allowed them to evade basic security checks and blend in with legitimate traffic.

Changing attack scenario in social engineering

Now open sources developers have become prime targets, with recent campaigns also hitting maintainers of projects like Fastify, Lodash, and Node.js.

Posing as the Linux Foundation leader, the attacker described how an AI tool can analyze open source project dynamics and predict which code contributions .

The attack was first brought to public attention on April 7, 2026, posted to the OpenSSF Siren mailing list by Christopher “CRob” Robinson, Chief Technology Officer and Chief Security Architect at the Open Source Security Foundation (OpenSSF).

Focus Shift from code repositories to human connections

Attackers now confidently targeting not only code repositories and networks that expanded over trust, but exploiting the personal trust networks that underpin open source collaboration. The expansion of open source ecosystem reminds to be more vigilant as attackers are evolving tactics and developers must now defend code and connections both.

The OpenSSF advisory :

The OpenSSF urges heightened vigilance: always verify identities through separate channels, never install certificates from untrusted sources, and treat unexpected security prompts with skepticism. If compromise is suspected, immediate network isolation and credential rotation are critical.

Sources: Social engineering attacks on open source developers are escalating – Help Net Security

New Rowhammer Attack Enabled GPUBreach via GDDR6 Bit-Flips to Escalate Privileges

Rowhammer attacks can be exploited to enable privilege escalation

Emergency Patch Issued by Fortinet in Latest FortiClient Vulnerabilities

Emergency Patch Issued by Fortinet for FortiClient for Vulnerability

CISCO Vulnerability Allows RCE in its Smart Software Manager on-Premise

CVE-2026-20160, Vulnerability in CISCO’s smart software manager may allows attackers to gain complete control over the affected system without needing authentication which is gaining prior access to exploit the system. The CVSS severity score of 9.8 out of 10, indicating its high risk level.

Authentication and access controls play a crucial role in web application and system security. What can happen?

Data theft
System compromise
Privilege escalation

CISCO’s Smart Software Manager Flaw

In this case the vulnerability exposure allowed unauthorized access, as attackers do not need login credentials when a hacker can execute arbitrary commands on the operating system. Further escalating by creating crafted request to the service’s API. The vulnerability impacted certain versions of the Cisco SSM On-Prem environments, particularly software releases from 9-202502 to 9-202510.

Remediation for organizations

Organizations can prevent authentication bypass through regular patching, multi-factor authentication, encryption, and strong password policies.

The vulnerability did not impact CISCO’s smart software newly released version 9-202601 includes a patch that fixes the flaw.

Cisco advises to upgrade to version 9-202601 immediately, as there are no current workarounds or temporary mitigations to block potential attacks.

For IT teams notes include devices meet the necessary memory and hardware specifications before proceeding with the update.

Key findings from CVE-2026-20160 Vulnerability

The vulnerability was discovered internally by Cisco’s Technical Assistance Center (TAC) team and they found no immediate exploitations in the wild

With the disclosure can motivate hackers to reverse-engineer the patch and search for vulnerable systems. Following Cisco’s guidelines and maintaining up-to-date security measures will be essential in mitigating risks associated and stop any kind of data breaches.

Conclusion:

Research shows that, making timely patching critical for authentication security is essential and failing to do that can lead to data breaches.

The Cisco Product Security Incident Response Team (PSIRT) validates only the affected and fixed release information that is documented in this advisory. Cisco strongly recommends that customers upgrade to the fixed software indicated in this advisory.

Sources: Cisco Smart Software Manager On-Prem Arbitrary Command Execution Vulnerability

Enterprise Security at Risk as Critical Flaw Found in OpenAI’s Codex

Codex Enabled GitHub Token Theft

File Read Vulnerability in SmartSlider Impacts 500K WordPress Sites

vulnerability in the Smart Slider 3 WordPress plugin

Sophos Reveal Leadership Gap in Enterprise Security; Emphasis on CISO Role

SOPHOS Report Find Leadership Gap in Cyber security Domain and CISO’s Role cannot be undermined.

Critical Vulnerability CVE-2026-4681 in Windchill & FlexPLM Exposes Systems to RCE

PTC has issued an urgent advisory regarding a critical Windchill and FlexPLM vulnerability that exposes affected systems to Remote Code Execution (RCE). The flaw, identified as CVE-2026-4681, has been classified as a code injection vulnerability (CWE-94) and carries a CVSS v3.1 base score of 10.0 and CVSS v4 score of 9.3.

Vulnerability details:

The company says that it has not found any evidence that the vulnerability is being exploited against PTC customers. However, PTC published a set of specific indicators of compromise (IoCs) that include a user agent string and files.

The flaw affects a broad range of Windchill PDMLink and FlexPLM releases, specifically:

Windchill PDMLink: 11.0 M030, 11.1 M020, 11.2.1.0, 12.0.2.0, 12.1.2.0, 13.0.2.0, 13.1.0.0, 13.1.1.0, 13.1.2.0, 13.1.3.0
FlexPLM: 11.0 M030, 11.1 M020, 11.2.1.0, 12.0.0.0, 12.0.2.0, 12.0.3.0, 12.1.2.0, 12.1.3.0, 13.0.2.0, 13.0.3.0

Description

The vulnerability is a Remote Code Execution (RCE) issue that may be exploited through deserialization of untrusted data
CVE-2026-4681 has been reported
- CWE – CWE-94: Improper Control of Generation of Code (‘Code Injection’) (4.19.1)
- Note that CVE.org only supports the latest CVSS scoring calculator (v4). Our Advisory also reflects the score of 10.0 based on the CVSS3.1 calculator.
  - CVSS v3.1 Base Score: 10.0 (Critical)
  - CVSS v4 Base Score: 9.3 (Critical)
At this time, there is no evidence of confirmed exploitation affecting PTC customers

Remediation: PTC is actively developing and releasing security patches for all supported Windchill versions to address the identified vulnerability

Immediate Mitigation Steps

PTC has issued specific guidance to reduce the risk until official security patches are released. These steps include:

For Apache HTTP Server

Create a new configuration file named 90-app-Windchill-Auth.conf under <APACHE_HOME>/conf/conf.d/.
Add the following directive:

<LocationMatch “^.*servlet/(WindchillGW|WindchillAuthGW)/com.ptc.wvs.server.publish.Publish(?:;[^/]*)?/.*$”>
Require all denied

Ensure this file is the last in the configuration sequence and restart the Apache server.

For Microsoft IIS

Verify the presence of the URL Rewrite module; if absent, download and install from the IIS website.
Modify the web.config file to include the rewrite rule as the first tag in <system.webServer>.
Restart IIS using iisreset and confirm the rule is active in IIS Manager.

PTC advises applying the same workaround steps to File Server or Replica Server configurations and notes that older Windchill releases may require adjusted procedures.

Additional Protection Measures

For organizations unable to immediately implement mitigations, PTC recommends temporarily shutting down Windchill or FlexPLM services or disconnecting systems from the public Internet.

PTC has also committed to 24×7 customer support for all users affected by this critical vulnerability. For PTC cloud-hosted customer.

Indicators of Compromise

Advisory for security Teams to monitor for specific signs that may indicate exploitation of the Windchill vulnerability or FlexPLM vulnerability:

Network and User-Agent Patterns

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36
Suspicious HTTP requests: run?p= .jsp?p=, run?c= .jsp?c=

File System Indicators

GW.class or payload.bin (SHA256: C818011CAFF82272F8CC50B670304748984350485383EBAD5206D507A4B44FF1)
Any dpr_<8-hex-digits>.jsp file
Other class files, including Gen.class, HTTPRequest.class, HTTPResponse.class, IXBCommonStreamer.class, IXBStreamer.class, MethodFeedback.class, MethodResult.class, WTContextUpdate.class, and their Java equivalents

The presence of these files indicates that a potential attacker may have prepared the system for Remote Code Execution.

Log and Error Patterns

Messages referencing GW_READY_OK, ClassNotFoundException for GW Windchill, or HTTP Gateway Exception

PTC strongly urges customers to report any identified

Log and Error Patterns

Messages referencing GW_READY_OK, ClassNotFoundException for GW Windchill, or HTTP Gateway Exception

PTC strongly urges customers to report any new identified IOCs immediately and initiate security response plans.

This particular vulnerability highlights the importance of proactive security monitoring and rapid mitigation in enterprise software environments.

By following the recommended steps, organizations can reduce the risk of Remote Code Execution and protect their data

Source: https://www.ptc.com/en/about/trust-center/advisory-center/active-advisories/windchill-flexplm-critical-vulnerability?srsltid=AfmBOooLDdBNS2lOeRasqrbyOfjfVKyhJH6Z_wfzqO93k3cqVQcSueEv

NIST Releases Two New CSF 2.0 Quick-Start Strategy

NIST cybersecurity Framework 2.0