artificial intelligence | Breaking Cybersecurity News | The Hacker News

A new joint investigation by SentinelOne SentinelLABS, and Censys has revealed that the open-source artificial intelligence (AI) deployment has created a vast "unmanaged, publicly accessible layer of AI compute infrastructure" that spans 175,000 unique Ollama hosts across 130 countries. These systems, which span both cloud and residential networks across the world, operate outside the guardrails and monitoring systems that platform providers implement by default, the company said. The vast majority of the exposures are located in China, accounting for a little over 30%. The countries with the most infrastructure footprint include the U.S., Germany, France, South Korea, India, Russia, Singapore, Brazil, and the U.K. "Nearly half of observed hosts are configured with tool-calling capabilities that enable them to execute code, access APIs, and interact with external systems, demonstrating the increasing implementation of LLMs into larger system processes," research...

This week's updates show how small changes can create real problems. Not loud incidents, but quiet shifts that are easy to miss until they add up. The kind that affects systems people rely on every day. Many of the stories point to the same trend: familiar tools being used in unexpected ways. Security controls are being worked on. Trusted platforms turning into weak spots. What looks routine on the surface often isn't. There's no single theme driving everything — just steady pressure across many fronts. Access, data, money, and trust are all being tested at once, often without clear warning signs. This edition pulls together those signals in short form, so you can see what's changing before it becomes harder to ignore. Major cybercrime forum takedown FBI Seizes RAMP Forum The U.S. Federal Bureau of Investigation (FBI) has seized the notorious RAMP cybercrime forum. Visitors to the forum's Tor site and its clearnet domain, ramp4u...

If you work in security operations, the concept of the AI SOC agent is likely familiar. Early narratives promised total autonomy. Vendors seized on the idea of the "Autonomous SOC" and suggested a future where algorithms replaced analysts. That future has not arrived. We have not seen mass layoffs or empty security operations centers. We have instead seen the emergence of a practical reality. The deployment of AI in the SOC has not removed the human element. It has instead redefined how they are spending their time.  We now understand that the value of AI is not in replacing the operator. It is in solving the math problem of defense. Infrastructure complexity scales exponentially while headcount scales linearly. This mismatch previously forced teams to make statistical compromises and sample alerts rather than solving them. Agentic AI corrects this imbalance. It decouples investigation capacity from human availability and fundamentally alters the daily workflow of the sec...

Cybersecurity researchers have discovered two malicious packages in the Python Package Index (PyPI) repository that masquerade as spellcheckers but contain functionality to deliver a remote access trojan (RAT). The packages, named spellcheckerpy and spellcheckpy , are no longer available on PyPI, but not before they were collectively downloaded a little over 1,000 times. "Hidden inside the Basque language dictionary file was a base64-encoded payload that downloads a full-featured Python RAT," Aikido researcher Charlie Eriksen said . "The attacker published three 'dormant' versions first, payload present, trigger absent, then flipped the switch with spellcheckpy v1.2.0, adding an obfuscated execution trigger that fires the moment you import SpellChecker." Unlike other packages that conceal the malicious functionality within "__init__.py" scripts, the threat actor behind the campaign has been found to add the payload inside a file named "re...

Security failures rarely arrive loudly. They slip in through trusted tools, half-fixed problems, and habits people stop questioning. This week's recap shows that pattern clearly. Attackers are moving faster than defenses, mixing old tricks with new paths. "Patched" no longer means safe, and every day, software keeps becoming the entry point. What follows is a set of small but telling signals. Short updates that, together, show how quickly risk is shifting and why details can't be ignored. ⚡ Threat of the Week Improperly Patched Flaw Exploited Again in Fortinet Firewalls — Fortinet confirmed that it's working to completely plug a FortiCloud SSO authentication bypass vulnerability following reports of fresh exploitation activity on fully-patched firewalls. "We have identified a number of cases where the exploit was to a device that had been fully upgraded to the latest release at the time of the attack, which suggested a new attack path," the company said. The activi...

If there's a constant in cybersecurity, it's that adversaries are always innovating. The rise of offensive AI is transforming attack strategies and making them harder to detect. Google's Threat Intelligence Group , recently reported on adversaries using Large Language Models (LLMs) to both conceal code and generate malicious scripts on the fly, letting malware shape-shift in real-time to evade conventional defenses. A deeper look at these novel attacks reveals both unprecedented sophistication and deception.  In November 2025, Anthropic reported on what it described as the first known "AI-orchestrated cyber espionage campaign." This operation featured AI integrated throughout the stages of attack, from initial access to exfiltration, which was executed largely autonomously by the AI itself.  Another recent trend concerns ClickFix-related attacks using steganography techniques (hiding malware within image files) that slipped past signature-based scans. Skillfully disguised ...

The North Korean threat actor known as Konni has been observed using PowerShell malware generated using artificial intelligence (AI) tools to target developers and engineering teams in the blockchain sector. The phishing campaign has targeted Japan, Australia, and India, highlighting the adversary's expansion of the targeting scope beyond South Korea , Russia , Ukraine , and European nations , Check Point Research said in a technical report published last week. Active since at least 2014, Konni is primarily known for its targeting of organizations and individuals in South Korea. It's also tracked as Earth Imp, Opal Sleet, Osmium, TA406, and Vedalia. In November 2025, the Genians Security Center (GSC) detailed the hacking group's targeting of Android devices by exploiting Google's asset tracking service, Find Hub, to remotely reset victim devices and erase personal data from them, signaling a new escalation of their tradecraft. As recently as this month, Konni ha...

AI agents are accelerating how work gets done. They schedule meetings, access data, trigger workflows, write code, and take action in real time, pushing productivity beyond human speed across the enterprise. Then comes the moment every security team eventually hits: "Wait… who approved this?" Unlike users or applications, AI agents are often deployed quickly, shared broadly, and granted wide access permissions, making ownership, approval, and accountability difficult to trace. What was once a straightforward question is now surprisingly hard to answer. AI Agents Break Traditional Access Models AI agents are not just another type of user. They fundamentally differ from both humans and traditional service accounts, and those differences are what break existing access and approval models. Human access is built around clear intent. Permissions are tied to a role, reviewed periodically, and constrained by time and context. Service accounts, while non-human, are typ...

Most of this week's threats didn't rely on new tricks. They relied on familiar systems behaving exactly as designed, just in the wrong hands. Ordinary files, routine services, and trusted workflows were enough to open doors without forcing them. What stands out is how little friction attackers now need. Some activity focused on quiet reach and coverage, others on timing and reuse. The emphasis wasn't speed or spectacle, but control gained through scale, patience, and misplaced trust. The stories below trace where that trust bent, not how it broke. Each item is a small signal of a larger shift, best seen when viewed together. Spear-phishing delivers custom backdoor Operation Nomad Leopard Targets Afghanistan Government entities in Afghanistan have been at the receiving end of a spear-phishing campaign dubbed Operation Nomad Leopard that employs bogus administrative documents as decoys to distribute a backdoor named FALSECUB by means o...

Every managed security provider is chasing the same problem in 2026 — too many alerts, too few analysts, and clients demanding "CISO-level protection" at SMB budgets. The truth? Most MSSPs are running harder, not smarter. And it's breaking their margins. That's where the quiet revolution is happening: AI isn't just writing reports or surfacing risks — it's rebuilding how security services are delivered . The Shift Until now, MSSPs scaled by adding people. Each new client meant another analyst, another spreadsheet, another late-night ticket queue. AI automation flips that model. It handles assessments, benchmarking, and reporting in minutes — freeing your team to focus on strategy, not data entry. Early adopters are already seeing double-digit margin gains and faster onboarding cycles — without increasing headcount. Real Proof — Not Theory When Chad Robinson , CISO at Secure Cyber Defense, applied Cynomi's AI platform, his team stopped drowning in manual checklists. He didn't ju...

Security vulnerabilities were uncovered in the popular open-source artificial intelligence (AI) framework Chainlit that could allow attackers to steal sensitive data, which may allow for lateral movement within a susceptible organization. Zafran Security said the high-severity flaws, collectively dubbed ChainLeak , could be abused to leak cloud environment API keys and steal sensitive files, or perform server-side request forgery (SSRF) attacks against servers hosting AI applications. Chainlit is a framework for creating conversational chatbots. According to statistics shared by the Python Software Foundation, the package has been downloaded over 220,000 times over the past week. It has attracted a total of 7.3 million downloads to date. Details of the two vulnerabilities are as follows - CVE-2026-22218 (CVSS score: 7.1) - An arbitrary file read vulnerability in the "/project/element" update flow that allows an authenticated attacker to access the contents of any ...

The recently discovered sophisticated Linux malware framework known as VoidLink is assessed to have been developed by a single person with assistance from an artificial intelligence (AI) model. That's according to new findings from Check Point Research, which identified operational security blunders by malware's author that provided clues to its developmental origins. The latest insight makes VoidLink one of the first instances of an advanced malware largely generated using AI. "These materials provide clear evidence that the malware was produced predominantly through AI-driven development, reaching a first functional implant in under a week," the cybersecurity company said, adding it reached more than 88,000 lines of code by early December 2025. VoidLink, first publicly documented last week, is a feature-rich malware framework written in Zig that's specifically designed for long-term, stealthy access to Linux-based cloud environments. The malware is said...

A set of three security vulnerabilities has been disclosed in mcp-server-git , the official Git Model Context Protocol ( MCP ) server maintained by Anthropic, that could be exploited to read or delete arbitrary files and execute code under certain conditions. "These flaws can be exploited through prompt injection, meaning an attacker who can influence what an AI assistant reads (a malicious README, a poisoned issue description, a compromised webpage) can weaponize these vulnerabilities without any direct access to the victim's system," Cyata researcher Yarden Porat said in a report shared with The Hacker News. Mcp-server-git is a Python package and an MCP server that provides a set of built-in tools to read, search, and manipulate Git repositories programmatically via large language models (LLMs). The security issues, which have been addressed in versions 2025.9.25 and 2025.12.18 following responsible disclosure in June 2025, are listed below - CVE-2025-68143 (CV...

A Telegram-based guarantee marketplace known for advertising a broad range of illicit services appears to be winding down its operations, according to new findings from Elliptic. The blockchain intelligence company said Tudou Guarantee has effectively ceased transactions through its public Telegram groups following a period of significant growth. The marketplace is estimated to have processed over $12 billion in transactions, making it the third-largest illicit marketplace of all time. "Other parts of Tudou Guarantee, such as its gambling operations, continue to function, so it remains to be seen whether this represents the first stages of a full shutdown or a pivot away from fraud-related activity," the company said . Tudou Guarantee is just one of the many Telegram-based marketplaces serving cyber fraudsters, the others being HuiOne Guarantee and Xinbi Guarantee , which collectively engaged in over $35 billion in USDT transactions. Thousands of channels associated with...

Cybersecurity researchers have disclosed details of a security flaw that leverages indirect prompt injection targeting Google Gemini as a way to bypass authorization guardrails and use Google Calendar as a data extraction mechanism. The vulnerability, Miggo Security's Head of Research, Liad Eliyahu, said, made it possible to circumvent Google Calendar's privacy controls by hiding a dormant malicious payload within a standard calendar invite. "This bypass enabled unauthorized access to private meeting data and the creation of deceptive calendar events without any direct user interaction," Eliyahu said in a report shared with The Hacker News. The starting point of the attack chain is a new calendar event that's crafted by the threat actor and sent to a target. The invite's description embeds a natural language prompt that's designed to do their bidding, resulting in a prompt injection. The attack gets activated when a user asks Gemini a completely inno...