- Anthropic Claude Project File Social Engineering
- PortSwigger Research on New Black Hat Techniques
- Nuclei Templates Cover 57 CVEs, Including 10 KEVs
- CISA Adds Actively Exploited n8n Vulnerability to KEV Catalog
- GitHub 2026 Actions Security Roadmap Focuses on Lockdown
Anthropic Claude Project File Social Engineering
What: Claude Projects lack content scanning for uploaded files, allowing malicious .md files with buried instructions to exploit emotional bonding and redirect users to attacker-controlled sites. Models Sonnet 4.5 and Opus 4.6 are vulnerable.
Source: Internal Report #3578503 — Anthropic (VDP)
Applies to: AI/LLM platforms (specifically Anthropic Claude)
Why it matters: Bypasses AI safety filters via high-trust system context, enabling novel phishing and data harvesting.
PortSwigger Research on New Black Hat Techniques
What: PortSwigger Research shared new, practical web attack techniques at Black Hat USA 2026, detailed in an accompanying blog post for hands-on testing.
Source: [External: portswigger.net]
Applies to: General web application security
Why it matters: Provides immediate, actionable attack patterns for red teams and new detection vectors for blue teams.
Nuclei Templates Cover 57 CVEs, Including 10 KEVs
What: ProjectDiscovery's Nuclei Templates v10.2.1/.2 added 106 new templates covering 57 CVEs, 10 of which are in CISA's Known Exploited Vulnerabilities (KEV) catalog.
Source: [External: projectdiscovery.io]
Applies to: General vulnerability scanning
Why it matters: Templates for actively exploited vulnerabilities enable rapid, scalable detection and patching prioritization.
CISA Adds Actively Exploited n8n Vulnerability to KEV Catalog
What: CVE-2025-68613 in the n8n platform (improper control of dynamically-managed code resources) has been added to the KEV catalog due to active exploitation.
Source: [External: www.cisa.gov]
Applies to: Organizations using n8n workflow automation
Why it matters: KEV-listed vulnerabilities are prime attack vectors requiring immediate remediation.
GitHub 2026 Actions Security Roadmap Focuses on Lockdown
What: GitHub's 2026 roadmap for Actions emphasizes secure-by-default behavior, stronger policy controls, and better CI/CD observability, signaling a move toward stricter baseline security.
Source: [External: github.blog]
Applies to: Organizations using GitHub Actions
Why it matters: Upcoming platform changes will require security teams to review and adapt their CI/CD governance policies.