Tag: ai-abuse
All items tagged ai-abuse.
- Research: the AI agent and toolchain control plane became a concrete attack-surface class this week
- AutoJack — Microsoft shows a single web page can drive host RCE through an AI agent's local MCP server
- CVE-2026-12046 / CVE-2026-12045 / CVE-2026-12048 — pgAdmin 4: unauthenticated pickle deserialization RCE, AI-Assistant read-only-transaction bypass, stored XSS
- Sophos X-Ops: underground AI adoption is cautious but concrete — LLM-assisted packers, LLM C2 orchestration, NLP-triaged leak markets [SINGLE-SOURCE]
- Unit 42 "Pickle in the Middle": cross-tenant code execution in Google Vertex AI via predictable staging buckets (CVE-2026-2473)
- Obsidian Security: a three-CVE chain turns any LiteLLM user into root on the AI gateway
- Varonis "SearchLeak" (CVE-2026-42824): one-click M365 Copilot data exfiltration, now patched
- UPDATE: FBI "Operation Ghost Hook" seizes the Outsider PhaaS infrastructure Google had sued
- APT28 (GRU Unit 26165) — Sekoia documents a shift to LLM-generated payloads and cloud-native C2 [SINGLE-SOURCE]
- Sekoia: APT28 (GRU Unit 26165) tradecraft shifts to LLM-generated payloads and cloud-native C2 [SINGLE-SOURCE]
- Check Point chains SQL injection to RCE in LangGraph's checkpointer (CVE-2025-67644 + CVE-2026-28277)
- "Agentjacking": Tenet Security hijacks AI coding agents via forged Sentry error events
- Google sues China-based "Outsider" PhaaS network for weaponising Gemini to mass-produce phishing pages
- Imperva and Varonis: indirect prompt injection and "agent phishing" against the OpenClaw AI agent — fixed in v2026.4.23, but the attack class generalises
- ANNUAL REPORT [SINGLE-SOURCE] — CrowdStrike 2026 Technology Threat Landscape Report: technology is now the most-targeted sector
- Meta discloses 20,225 Instagram account takeovers via an AI support-tool logic flaw; Maine AG notification filed 8 June
- Red Canary: Microsoft Entra Agent ID abuse — OBO OAuth flow turns a compromised AI agent into a delegated phishing sender [SINGLE-SOURCE]
- UPDATE: Shai-Hulud/Miasma supply-chain worm jumps to PyPI as "Hades" — 37 malicious wheels across 19 packages
- CVE-2026-42271 — BerriAI LiteLLM: low-privilege command injection to host RCE, added to CISA KEV
- Microsoft Threat Intelligence: AI-brand impersonation drives Lumma Stealer and Vidar delivery via signed binaries
- An autonomous AI agent finds 21 zero-days in FFmpeg for ~$1,000 — nine numbered (CVE-2026-39210 to -39218), parser bugs up to 23 years old
- GMO Flatt Security: one GitHub issue could hijack any public repo running Anthropic's claude-code-action — and could have poisoned the action itself
- University of Toronto / Vector Institute: a self-propagating worm that runs open-weight LLMs on compromised hosts to synthesise per-target exploits
- Sophos finds an attacker-built, AI-orchestrated EDR-evasion testing lab during incident response
- Attackers social-engineer Meta's AI support chatbot into resetting Instagram passwords
- GREYVIBE — newly documented Russia-nexus cluster deploys five parallel attack chains against Ukraine with AI-generated lures and two PowerShell RATs
- LLMShare malvertising campaign: attackers embed fake outage pages in ChatGPT share links and serve infostealer downloads via Google Ads
- Sysdig TRT: first observed LLM-agent-driven post-exploitation — CVE-2026-39987 Marimo notebook RCE to database exfiltration in 4 pivots under one hour
- ChatGPhish: Permiso Security documents ChatGPT Markdown renderer trusting third-party image URLs and links — used for IP exfiltration and phishing via legitimate chatgpt.com
- [SINGLE-SOURCE] Red Canary: detecting Entra Agent ID privilege escalation — credential injection into agent blueprints enables lateral movement across the entire tenant
- CVE-2026-4868 (+ five further CVEs) — GitLab 19.0.1 / 18.11.4 / 18.10.7 patch release: Duo AI identity impersonation, unauthenticated project enumeration
- Microsoft Defender Experts — AI-chatbot search-poisoning extends SEO-poisoning lure; GPU-utility lookalikes drop ScreenConnect, then process-hollowed miners under signed Microsoft binary
- "TrapDoor" cross-ecosystem supply-chain campaign validates stolen tokens before exfil and poisons AI-assistant config files
- ACR Stealer distributed through counterfeit Claude AI download pages promoted by malicious search ads [SINGLE-SOURCE]
- Google's threat-intel group maps a Chinese-language PhaaS ecosystem doing real-time OTP relay over RCS/iMessage [SINGLE-SOURCE]
- UPDATE: TeamPCP / Mini Shai-Hulud — framework open-sourced, Microsoft PyPI SDK trojanised with a wiper stage, forged Sigstore badges
- Mini Shai-Hulud / TrapDoor — the supply-chain worm goes cross-ecosystem, open-source and destructive
- AI tooling as lure, attack surface and force-multiplier — the cross-day pattern no single daily framed whole
- GREYVIBE — independent corroboration; OPSEC slips enabled attribution; charity-front sub-campaign
- ANNUAL REPORT — Rapid7 Q1 2026 Threat Landscape Report: vulnerability exploitation now top initial-access vector at 38 %; KEV median time to listing collapses to 5 days
- ANNUAL REPORT — Check Point Research March-April 2026 AI Threat Landscape Digest: a single operator runs two AI platforms in parallel to breach nine Mexican government agencies [SINGLE-SOURCE]
- CVE-2026-45829 — ChromaDB Python FastAPI server: pre-auth RCE via embedding-function model loading before auth check (CVSS 4.0 = 10.0; still unpatched in v1.5.9)
- vm2 Node.js sandbox — 12 critical CVEs (CVE-2026-43997 / 43999 / 44005 / 44006 / 44008 / 44009 et al.), sandbox escape to host RCE, upgrade to ≥ 3.11.4
- CVE-2026-45829 — ChromaDB Python server: pre-auth RCE before the auth check, still unpatched
- Verizon 2026 DBIR — vulnerability exploitation is the #1 breach vector for the first time in 19 years; patching cadence regressed
- Rapid7 Q1 2026 Threat Landscape Report — corroborates the structural shift; KEV-to-listing window collapsing
- Check Point Research March–April 2026 AI Threat Landscape Digest — operator-run AI platforms breach government agencies [SINGLE-SOURCE]
- TeamPCP / Mini Shai-Hulud npm supply-chain worm — wave 4 + framework source leak
- AI tooling SaaS and developer toolchain
- Datadog Security Labs — Shai-Hulud framework static analysis
- GTIG AI Threat Tracker (May 2026) — first AI-generated zero-day exploit ITW
- TeamPCP / Mini Shai-Hulud (ShinyHunters / WorldLeaks adjacent) — wave 4 + framework leak + IDE persistence
- EU Digital Omnibus political agreement — AI Act high-risk Annex III compliance deadline extended to 2 December 2027
- CVE-2026-44112 / CVE-2026-44113 / CVE-2026-44115 / CVE-2026-44118 — OpenClaw "Claw Chain": four chainable flaws in autonomous-agent platform enable sandbox escape → credential leak → privilege escalation → file disclosure
- Microsoft MDASH — multi-model agentic vulnerability-discovery harness finds 16 Windows CVEs in network-stack kernel components
- NCSC-UK — "10 questions to ask when using AI models to find vulnerabilities"
- UPDATE: Mini Shai-Hulud — TeamPCP worm hits TanStack, UiPath, Mistral AI, OpenSearch (160+ package versions)
- UPDATE: TeamPCP (UNC6780 / PCPJack ecosystem) backdoors the Checkmarx Jenkins AST plugin — third Checkmarx supply-chain compromise in three months, SANDCLOCK exfiltrates every CI secret reachable from the runner
- Hardening / detection summary
- Implement egress controls on LLM API endpoints for production server workloads
- CVE-2026-42208 LiteLLM Proxy — pre-auth SQL injection exposing upstream LLM-provider API keys at the multi-tenant SaaS layer
- CVE-2026-26030 + CVE-2026-25592 — Microsoft Semantic Kernel Python and .NET SDKs: a class-of-bug for agentic-AI frameworks
- AI tooling SaaS (multi-tenant credential aggregation, US)
- Dragos 2025 OT Cybersecurity Year in Review — Frontlines IR Edition
- CERT-FR CERTFR-2026-ACT-016 — agentic AI three-risk-class advisory; defender obligations explicit
- NCSC Switzerland — formal BACS assessment on AI in vulnerability management; defenders warned against over-reliance on AI detection
- Braintrust AI evaluation platform AWS account breach — multi-tenant LLM-provider keys and SaaS credentials at risk; mandatory key rotation across customer base
- CVE-2026-26030 / CVE-2026-25592 — Microsoft Semantic Kernel: prompt-injection-to-RCE in the Python and .NET SDKs of Microsoft's AI agent orchestration framework (CVSS 9.9 each)
- Hardening / mitigation
- Upgrade Microsoft Semantic Kernel and audit `[KernelFunction]` methods
- LiteLLM Proxy KEV deadline tomorrow (2026-05-11) — patch and rotate every upstream key
- Rotate organisation-level upstream LLM keys held by Braintrust customers
- CVE-2026-42208 — LiteLLM Proxy pre-authentication SQL injection: CISA KEV deadline 2026-05-11; all upstream LLM API keys at risk
- CERT-FR CERTFR-2026-ACT-016: Agentic AI tools introduce prompt-injection and supply-chain attack surfaces