artificial intelligence | Breaking Cybersecurity News | The Hacker News

Cybersecurity researchers have disclosed details of a now-patched security flaw impacting Ask Gordon , an artificial intelligence (AI) assistant built into Docker Desktop and the Docker Command-Line Interface (CLI), that could be exploited to execute code and exfiltrate sensitive data. The critical vulnerability has been codenamed DockerDash by cybersecurity company Noma Labs. It was addressed by Docker with the release of version 4.50.0 in November 2025. "In DockerDash, a single malicious metadata label in a Docker image can be used to compromise your Docker environment through a simple three-stage attack: Gordon AI reads and interprets the malicious instruction, forwards it to the MCP [Model Context Protocol] Gateway, which then executes it through MCP tools," Sasi Levi, security research lead at Noma, said in a report shared with The Hacker News. "Every stage happens with zero validation, taking advantage of current agents and MCP Gateway architecture." ...

Mozilla on Monday announced a new controls section in its Firefox desktop browser settings that allows users to completely turn off generative artificial intelligence (GenAI) features. "It provides a single place to block current and future generative AI features in Firefox," Ajit Varma, head of Firefox, said . "You can also review and manage individual AI features if you choose to use them. This lets you use Firefox without AI while we continue to build AI features for those who want them." Mozilla first announced its plans to integrate AI into Firefox in November 2025, stating it's fully opt-in and that it's incorporating the technology while placing users in the driver's seat. The new feature is expected to be rolled out with Firefox 148, which is scheduled to be released on February 24, 2026. At the outset, AI controls will allow users to manage the following settings individually - Translations Alt text in PDFs (adding accessibility descrip...

A security audit of 2,857 skills on ClawHub has found 341 malicious skills across multiple campaigns, according to new findings from Koi Security, exposing users to new supply chain risks. ClawHub is a marketplace designed to make it easy for OpenClaw users to find and install third-party skills. It's an extension to the OpenClaw project, a self-hosted artificial intelligence (AI) assistant formerly known as both Clawdbot and Moltbot. The analysis, which Koi conducted with the help of an OpenClaw bot named Alex, found that 335 skills use fake pre-requisites to install an Apple macOS stealer named Atomic Stealer (AMOS). This activity set has been codenamed ClawHavoc . "You install what looks like a legitimate skill – maybe solana-wallet-tracker or youtube-summarize-pro," Koi researcher Oren Yomtov said. "The skill's documentation looks professional. But there's a 'Prerequisites' section that says you need to install something first." This...

A high-severity security flaw has been disclosed in OpenClaw (formerly referred to as Clawdbot and Moltbot) that could allow remote code execution (RCE) through a crafted malicious link. The issue, which is tracked as CVE-2026-25253 (CVSS score: 8.8), has been addressed in version 2026.1.29 released on January 30, 2026. It has been described as a token exfiltration vulnerability that leads to full gateway compromise. "The Control UI trusts gatewayUrl from the query string without validation and auto-connects on load, sending the stored gateway token in the WebSocket connect payload," OpenClaw's creator and maintainer Peter Steinberger said in an advisory. "Clicking a crafted link or visiting a malicious site can send the token to an attacker-controlled server. The attacker can then connect to the victim's local gateway, modify config (sandbox, tool policies), and invoke privileged actions, achieving 1-click RCE."

Every week brings new discoveries, attacks, and defenses that shape the state of cybersecurity. Some threats are stopped quickly, while others go unseen until they cause real damage. Sometimes a single update, exploit, or mistake changes how we think about risk and protection. Every incident shows how defenders adapt — and how fast attackers try to stay ahead. This week’s recap brings you the key moments that matter most, in one place, so you can stay informed and ready for what’s next. ⚡ Threat of the Week Google Disrupts IPIDEA Residential Proxy Network — Google has crippled IPIDEA, a massive residential proxy network consisting of user devices that are being used as the last-mile link in cyberattack chains. According to the tech giant, not only do these networks permit bad actors to conceal their malicious traffic, but they also open up users who enroll their devices to further attacks. Residential IP addresses in the U.S., Canada, and Europe were seen as the most desirable. ...

A Farsi-speaking threat actor aligned with Iranian state interests is suspected to be behind a new campaign targeting non-governmental organizations and individuals involved in documenting recent human rights abuses. The activity , observed by HarfangLab in January 2026, has been codenamed RedKitten . It's said to coincide with the nationwide unrest in Iran that began towards the end of 2025, protesting soaring inflation, rising food prices, and currency depreciation. The ensuing crackdown has resulted in mass casualties and an internet blackout . "The malware relies on GitHub and Google Drive for configuration and modular payload retrieval, and uses Telegram for command-and-control," the French cybersecurity company said. What makes the campaign noteworthy is the threat actor's likely reliance on large language models (LLMs) to build and orchestrate the necessary tooling. The starting point of the attack is a 7-Zip archive with a Farsi filename that contains...

A former Google engineer accused of stealing thousands of the company's confidential documents to build a startup in China has been convicted in the U.S., the Department of Justice (DoJ) announced Thursday. Linwei Ding (aka Leon Ding), 38, was convicted by a federal jury on seven counts of economic espionage and seven counts of theft of trade secrets for taking over 2,000 documents containing the tech giant's trade secrets related to artificial intelligence (AI) technology for the benefit of the People's Republic of China (PRC). "Silicon Valley is at the forefront of artificial intelligence innovation, pioneering transformative work that drives economic growth and strengthens our national security," said U.S. Attorney Craig H. Missakian. "We will vigorously protect American intellectual capital from foreign interests that seek to gain an unfair competitive advantage while putting our national security at risk." Ding was indicted in March 2024 for ...

A new joint investigation by SentinelOne SentinelLABS, and Censys has revealed that the open-source artificial intelligence (AI) deployment has created a vast "unmanaged, publicly accessible layer of AI compute infrastructure" that spans 175,000 unique Ollama hosts across 130 countries. These systems, which span both cloud and residential networks across the world, operate outside the guardrails and monitoring systems that platform providers implement by default, the company said. The vast majority of the exposures are located in China, accounting for a little over 30%. The countries with the most infrastructure footprint include the U.S., Germany, France, South Korea, India, Russia, Singapore, Brazil, and the U.K. "Nearly half of observed hosts are configured with tool-calling capabilities that enable them to execute code, access APIs, and interact with external systems, demonstrating the increasing implementation of LLMs into larger system processes," research...

This week’s updates show how small changes can create real problems. Not loud incidents, but quiet shifts that are easy to miss until they add up. The kind that affects systems people rely on every day. Many of the stories point to the same trend: familiar tools being used in unexpected ways. Security controls are being worked on. Trusted platforms turning into weak spots. What looks routine on the surface often isn’t. There’s no single theme driving everything — just steady pressure across many fronts. Access, data, money, and trust are all being tested at once, often without clear warning signs. This edition pulls together those signals in short form, so you can see what’s changing before it becomes harder to ignore. Major cybercrime forum takedown FBI Seizes RAMP Forum The U.S. Federal Bureau of Investigation (FBI) has seized the notorious RAMP cybercrime forum. Visitors to the forum's Tor site and its clearnet domain, ramp4u...

If you work in security operations, the concept of the AI SOC agent is likely familiar. Early narratives promised total autonomy. Vendors seized on the idea of the "Autonomous SOC" and suggested a future where algorithms replaced analysts. That future has not arrived. We have not seen mass layoffs or empty security operations centers. We have instead seen the emergence of a practical reality. The deployment of AI in the SOC has not removed the human element. It has instead redefined how they are spending their time.  We now understand that the value of AI is not in replacing the operator. It is in solving the math problem of defense. Infrastructure complexity scales exponentially while headcount scales linearly. This mismatch previously forced teams to make statistical compromises and sample alerts rather than solving them. Agentic AI corrects this imbalance. It decouples investigation capacity from human availability and fundamentally alters the daily workflow of the sec...

Cybersecurity researchers have discovered two malicious packages in the Python Package Index (PyPI) repository that masquerade as spellcheckers but contain functionality to deliver a remote access trojan (RAT). The packages, named spellcheckerpy and spellcheckpy , are no longer available on PyPI, but not before they were collectively downloaded a little over 1,000 times. "Hidden inside the Basque language dictionary file was a base64-encoded payload that downloads a full-featured Python RAT," Aikido researcher Charlie Eriksen said . "The attacker published three 'dormant' versions first, payload present, trigger absent, then flipped the switch with spellcheckpy v1.2.0, adding an obfuscated execution trigger that fires the moment you import SpellChecker." Unlike other packages that conceal the malicious functionality within "__init__.py" scripts, the threat actor behind the campaign has been found to add the payload inside a file named "re...

Security failures rarely arrive loudly. They slip in through trusted tools, half-fixed problems, and habits people stop questioning. This week’s recap shows that pattern clearly. Attackers are moving faster than defenses, mixing old tricks with new paths. “Patched” no longer means safe, and every day, software keeps becoming the entry point. What follows is a set of small but telling signals. Short updates that, together, show how quickly risk is shifting and why details can’t be ignored. ⚡ Threat of the Week Improperly Patched Flaw Exploited Again in Fortinet Firewalls — Fortinet confirmed that it's working to completely plug a FortiCloud SSO authentication bypass vulnerability following reports of fresh exploitation activity on fully-patched firewalls. "We have identified a number of cases where the exploit was to a device that had been fully upgraded to the latest release at the time of the attack, which suggested a new attack path," the company said. The activi...

If there’s a constant in cybersecurity, it’s that adversaries are always innovating. The rise of offensive AI is transforming attack strategies and making them harder to detect. Google’s Threat Intelligence Group , recently reported on adversaries using Large Language Models (LLMs) to both conceal code and generate malicious scripts on the fly, letting malware shape-shift in real-time to evade conventional defenses. A deeper look at these novel attacks reveals both unprecedented sophistication and deception.  In November 2025, Anthropic reported on what it described as the first known “AI-orchestrated cyber espionage campaign.” This operation featured AI integrated throughout the stages of attack, from initial access to exfiltration, which was executed largely autonomously by the AI itself.  Another recent trend concerns ClickFix-related attacks using steganography techniques (hiding malware within image files) that slipped past signature-based scans. Skillfully disguised ...

The North Korean threat actor known as Konni has been observed using PowerShell malware generated using artificial intelligence (AI) tools to target developers and engineering teams in the blockchain sector. The phishing campaign has targeted Japan, Australia, and India, highlighting the adversary's expansion of the targeting scope beyond South Korea , Russia , Ukraine , and European nations , Check Point Research said in a technical report published last week. Active since at least 2014, Konni is primarily known for its targeting of organizations and individuals in South Korea. It's also tracked as Earth Imp, Opal Sleet, Osmium, TA406, and Vedalia. In November 2025, the Genians Security Center (GSC) detailed the hacking group's targeting of Android devices by exploiting Google's asset tracking service, Find Hub, to remotely reset victim devices and erase personal data from them, signaling a new escalation of their tradecraft. As recently as this month, Konni ha...

AI agents are accelerating how work gets done. They schedule meetings, access data, trigger workflows, write code, and take action in real time, pushing productivity beyond human speed across the enterprise. Then comes the moment every security team eventually hits: “Wait… who approved this?” Unlike users or applications, AI agents are often deployed quickly, shared broadly, and granted wide access permissions, making ownership, approval, and accountability difficult to trace. What was once a straightforward question is now surprisingly hard to answer. AI Agents Break Traditional Access Models AI agents are not just another type of user. They fundamentally differ from both humans and traditional service accounts, and those differences are what break existing access and approval models. Human access is built around clear intent. Permissions are tied to a role, reviewed periodically, and constrained by time and context. Service accounts, while non-human, are typ...

Most of this week’s threats didn’t rely on new tricks. They relied on familiar systems behaving exactly as designed, just in the wrong hands. Ordinary files, routine services, and trusted workflows were enough to open doors without forcing them. What stands out is how little friction attackers now need. Some activity focused on quiet reach and coverage, others on timing and reuse. The emphasis wasn’t speed or spectacle, but control gained through scale, patience, and misplaced trust. The stories below trace where that trust bent, not how it broke. Each item is a small signal of a larger shift, best seen when viewed together. Spear-phishing delivers custom backdoor Operation Nomad Leopard Targets Afghanistan Government entities in Afghanistan have been at the receiving end of a spear-phishing campaign dubbed Operation Nomad Leopard that employs bogus administrative documents as decoys to distribute a backdoor named FALSECUB by means o...