Critical Security Update: March 6, 2026 (Claude, Blackbox AI, Windows 10, LastPass, Google, Amazon/AWS)
Risk 1: Medium
Issue: Check Point researchers have located a flaw within Claude Code that could be triggered using only metadata and configuration files, without even having to execute a line of code.
The flaw allowed: remote execution of commands on users’ machines, permissionless addition and utilization of unauthorized services, and theft of API keys (the same keys that share and access data).
CVEs: CVE-2026-21852, CVE-2025-59536
Resolution: Anthropic states they have corrected the flaws, but this serves as a real reminder that AI platforms are growing and deploying quickly; users need to be more diligent than ever protecting their data.
Risk 2: Medium
Issue: The extremely popular AI coding assistant, Blackbox, which recently exceeded 5m downloads, has had a significant flaw located in its code creation process. When invoked, the flaw will insert malicious code into your AI-generated code, allowing a remote user to access your development machine, along with any data located therein.
The code is generated using code-masking schemes to hide the vulnerability, making it extremely difficult for a non-developer to recognize. This continues to serve as an urgent reminder that it is critical for a skilled and qualified human to review the AI output before testing or implementing.
Resolution: Blackbox has not corrected the issue and has failed to respond to multiple requests from various organizations.
Until this vulnerability can be corrected, we are recommending an immediate halt to usage of the application.
Risk 3: Medium
Issue: A vulnerability was located in Windows 10 that inhibited some users/machines from accessing the Windows recovery system. This may place their machine at risk if a recovery point is ever necessary. This vulnerability only applies to Windows 10, which is now only supported through extended support.
Resolution: Microsoft has released an update to correct this. Microsoft has not stated if all versions of Windows 10 will be updated or just those supported by extended support.
Risk 4: Low
Issue: A new phishing and credential-stealing campaign targeting LastPass users has been initiated, again. Users should be on guard for any e-mails, texts, or links referencing LastPass. The new attack requests and provides access to the user’s entire vault.
Resolution: Unless this is your first time reading one of our alerts, you are aware that we no longer consider LastPass a viable solution. While LastPass is not responsible for these phishing attacks, the more users can distance themselves, the better.
Risk 5: Low
Issue: Google and Amazon (AWS) have acknowledged data centers were damaged in the Middle East during the recent attacks. Both organizations are stating they have fully recovered and redirected traffic.
Resolution: During times of unrest, it is always safest to ensure you have backup data locations and alternative processes in place should a more extensive attack (or breach) occur in the future.
Announced Data Breaches
Cognizant
University of Hawaii Cancer Center
Privacy Wins & Updates
Bitwarden, a popular password manager, has added passkey support for Windows 11 login.
Financial Guardians is a proud member of InCite, the recently launched online community exclusively for tax professionals, bookkeepers, and accountants. InCite members receive a 30% discount.
Join today at www.incite.tax.
Financial Guardians has partnered with the California Society of Tax Consultants to provide a 30% access discount as well as many other offers. More info can be found at www.cstcsociety.org






