TP-Link A.I CyberSecurity Scoring
TP-Link
Company Information
Website: http://www.tp-link.com
Employees number: 8,511
Number of followers: 61,740
NAICS: 334
Industry Type: Computers and Electronics Manufacturing
Homepage: tp-link.com
TP-Link Risk Score (AI oriented): between 650 and 699
Industry: Computers and Electronics Manufacturing
Updated: 11/05/2026
657/1000 (B, Weak)
TP-Link Global Score (TPRM): score locked
Current Score: 657 B (WEAK), on a 0 to 1000 scale
13 incidents, -8.38 average impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JUNE 2026: 661
MAY 2026: 661
Vulnerability
04 May 2026 • TP-Link
TP-Link and Japanese Tech Firm: Google Detects First AI-Generated Zero-Day Exploit
First AI-Generated Zero-Day Exploit in Cybercrime Campaign
Score: 656 | Severity: CRITICAL-5 | Incident ID: TP-TEK1778524447
Google Uncovers First AI-Generated Zero-Day Exploit in Cybercrime Campaign
Google has identified the first known zero-day exploit developed with the assistance of artificial intelligence, marking a significant evolution in cyber threats. In a report published Monday, Google’s Threat Intelligence Group (GTIG) and Mandiant detailed how a prominent cybercrime group used AI to craft a Python-based exploit targeting an open-source web administration tool, specifically designed to bypass two-factor authentication (2FA).
While Google did not disclose the threat actor or the affected software, it confirmed collaboration with the vendor to mitigate potential mass exploitation. Analysis of the exploit’s structure, including educational docstrings, a hallucinated CVSS score, and a "textbook" Pythonic format, suggests the use of a large language model (LLM) in its development. Google clarified that its own AI, Gemini, was not involved.
The report also highlights state-sponsored actors leveraging AI for vulnerability research. Chinese-linked groups, including UNC2814, have employed agentic tools like Strix and Hexstrike in attacks on a Japanese tech firm and an East Asian cybersecurity company. UNC2814 further used AI-driven "persona-driven jailbreaks," instructing models to act as senior security auditors, to analyze vulnerabilities in embedded devices such as TP-Link firmware.
North Korea’s APT45, meanwhile, deployed AI to automate the analysis of CVEs and validate proof-of-concept (PoC) exploits at scale, enabling a more robust arsenal than manual methods could achieve. Beyond exploit development, the report outlines AI’s role in autonomous malware operations, defense evasion, and supply chain attacks, as well as threat actors’ growing interest in premium LLM access.
This incident underscores AI’s dual-edged impact on cybersecurity, where both attackers and defenders are rapidly integrating advanced tools into their strategies.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
REFERENCES
APRIL 2026: 663
Vulnerability
17 Apr 2026 • TP-Link
TP-Link: TP-Link Routers Hit by Mirai in CVE-2023-33538 Attacks
Mirai-Style Botnet Targets Vulnerable TP-Link Routers via CVE-2023-33538
Score: 659 | Severity: CRITICAL-4 | Incident ID: TP-1776716855
Mirai-Style Botnet Targets Vulnerable TP-Link Routers via CVE-2023-33538
Hackers are actively scanning for unpatched TP-Link home routers to deploy Mirai-style malware, exploiting CVE-2023-33538, a command injection flaw in the web management interface of several legacy models. The vulnerability affects TL-WR940N (v2/v4), TL-WR740N (v1/v2), and TL-WR841N (v8/v10), all end-of-life devices that no longer receive security updates.
The bug resides in the `/userRpm/WlanNetworkRpm.htm` endpoint, where unsanitized input in the ssid1 field can be passed directly into a shell command, allowing arbitrary code execution. While public proof-of-concept exploits exist, recent attacks contain critical errors: many target the wrong parameter (ssid instead of ssid1), lack valid session tokens, and rely on tools like wget, which are absent in the routers’ restricted BusyBox environment.
Despite these flaws, researchers confirmed the vulnerability is exploitable with valid credentials. Attackers have attempted to download an ELF binary (arm7) from 51.38.137[.]113, a Mirai-like botnet payload linked to the Condi family. Once executed, the malware connects to a command-and-control server, enabling DDoS attacks and self-updating across multiple architectures.
TP-Link has advised replacing affected devices, as no patches will be issued. Security recommendations include disabling remote management, segmenting IoT networks, and enforcing strong admin passwords. Organizations can detect related activity by monitoring traffic to known Mirai infrastructure and investigating unusual outbound connections from these routers.
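The detection advice in the last paragraph (watch for traffic to known Mirai infrastructure and for unusual outbound connections from these routers) can be turned into a small log check. The example below is added here and is not code from the write-up, TP-Link, or the researchers; the two log line formats, the router address, and the allowlist of expected router-originated ports are constructed assumptions, while the IoC host and the `/userRpm/WlanNetworkRpm.htm` endpoint with its `ssid1` parameter are the values the write-up itself names. It flags management requests whose `ssid1` value contains shell metacharacters, router flows to the IoC host, and router flows to unexpected destination ports.

```python
import re
from urllib.parse import parse_qs

# IoC taken from the write-up above, given there defanged as 51.38.137[.]113.
KNOWN_MIRAI_HOSTS = {"51.38.137.113"}

# Endpoint and parameter named in the write-up. The signal is shell metacharacters
# reaching ssid1, not any specific payload.
TARGET_PATH = "/userRpm/WlanNetworkRpm.htm"
SHELL_META = re.compile(r"[;&|`$(){}<>\n]")

# Outbound ports a home router is expected to originate itself (constructed allowlist;
# tune it to the environment). Anything else from a router address is worth a look.
EXPECTED_ROUTER_PORTS = {53, 123}

# Constructed line formats for this example, not TP-Link's or any vendor's real format:
#   <ts> http <client_ip> <method> <path>[?<query>]
#   <ts> flow <src_ip> -> <dst_ip>:<dst_port>
HTTP_LINE = re.compile(r"^(\S+) http (\S+) (\S+) (\S+?)(?:\?(\S*))?$")
FLOW_LINE = re.compile(r"^(\S+) flow (\S+) -> (\S+):(\d+)$")


def check_http(ts, client_ip, path, query):
    """Flag management requests whose ssid1 value carries shell metacharacters."""
    if path != TARGET_PATH:
        return None
    params = parse_qs(query or "", keep_blank_values=True)
    ssid1 = params.get("ssid1", [""])[0]
    if SHELL_META.search(ssid1):
        return (ts, "cmd-injection-attempt", client_ip, f"ssid1={ssid1!r}")
    return None


def check_flow(ts, src_ip, dst_ip, dst_port, router_ips):
    """Flag router-originated flows to known Mirai infrastructure or unexpected ports."""
    if src_ip not in router_ips:
        return None
    if dst_ip in KNOWN_MIRAI_HOSTS:
        return (ts, "mirai-c2-contact", src_ip, f"{dst_ip}:{dst_port}")
    if dst_port not in EXPECTED_ROUTER_PORTS:
        return (ts, "unusual-outbound", src_ip, f"{dst_ip}:{dst_port}")
    return None


def analyse(lines, router_ips):
    """Run both checks over log lines; returns a list of (ts, kind, src, detail) alerts."""
    alerts = []
    for line in lines:
        m = HTTP_LINE.match(line)
        if m:
            ts, client_ip, _method, path, query = m.groups()
            alert = check_http(ts, client_ip, path, query)
        else:
            m = FLOW_LINE.match(line)
            if not m:
                continue
            ts, src_ip, dst_ip, dst_port = m.groups()
            alert = check_flow(ts, src_ip, dst_ip, int(dst_port), router_ips)
        if alert:
            alerts.append(alert)
    return alerts


# Constructed sample: a benign SSID change, a metacharacter-laden ssid1, a router flow
# to the IoC host, a normal DNS lookup, and an unexplained high-port connection.
SAMPLE_LOGS = [
    "2026-04-17T10:01:02Z http 198.51.100.7 GET /userRpm/WlanNetworkRpm.htm?ssid1=HomeNet&region=0",
    "2026-04-17T10:01:05Z http 198.51.100.7 GET /userRpm/WlanNetworkRpm.htm?ssid1=HomeNet%3Bls&region=0",
    "2026-04-17T10:01:09Z flow 192.0.2.1 -> 51.38.137.113:80",
    "2026-04-17T10:02:00Z flow 192.0.2.1 -> 192.0.2.53:53",
    "2026-04-17T10:02:30Z flow 192.0.2.1 -> 203.0.113.9:4444",
]
ROUTER_IPS = {"192.0.2.1"}

if __name__ == "__main__":
    for alert in analyse(SAMPLE_LOGS, ROUTER_IPS):
        print(*alert)
```

The metacharacter check fires on the request regardless of whether the session token was valid, which is deliberate: the write-up notes that many observed attempts were malformed, and a failed attempt against an end-of-life router is still a strong signal that the device should be replaced or isolated.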
MARCH 2026: 683
Cyber Attack
11 Mar 2026 • TP-Link
NATO: FancyBear Server Exposure Reveals Stolen Credentials, 2FA Secrets and NATO-Linked Targets
FancyBear’s Major OpSec Blunder Exposes Espionage Campaign Targeting European Governments and NATO
Score: 660 | Severity: CRITICAL-23 | Incident ID: NAT1773851315
FancyBear’s Major OpSec Blunder Exposes Espionage Campaign Targeting European Governments and NATO
In a rare operational security failure, Russian state-linked hacking group FancyBear (APT28/Forest Blizzard/GRU Unit 26165) inadvertently exposed a long-running cyberespionage campaign after leaving a server unsecured for over 500 days. The breach, first detected by threat intelligence firm Hunt.io on January 13, 2026, and later analyzed by Ctrl-Alt-Intel, provided researchers with unprecedented visibility into Operation Roundish, an active campaign targeting government and military entities across Europe.
The exposed server, a NameCheap Virtual Private Server (VPS) hosted in the U.S. at IP 203.161.50.145, had been previously attributed to FancyBear by Ukraine’s CERT-UA in September 2024, yet the group continued using it without interruption. The open directory contained 2,800 exfiltrated government and military emails, 240 stolen credentials (including passwords and TOTP 2FA secrets), 140 silent email-forwarding rules, and 11,500 harvested contact addresses from victims in Ukraine, Romania, Bulgaria, Greece, Serbia, and North Macedonia. Notably, the stolen data included email addresses tied to four NATO member states, including NATO’s own headquarters infrastructure.
A second exposed directory, discovered by Ctrl-Alt-Intel, revealed even more sensitive material: FancyBear’s full command-and-control (C2) source code, additional JavaScript payloads, campaign telemetry logs, and further exfiltrated data. The targeting pattern aligned with geopolitical priorities, with Ukraine’s regional prosecutors (likely linked to war crimes investigations) as the largest victim group. Other high-profile targets included Romania’s Air Force, Greece’s National Defence General Staff, Serbia’s Ministry of Defence, and Bulgarian government entities, all nations involved in recent military cooperation, such as Greece’s training of Ukrainian F-16 pilots and a 2024 military mobility agreement between Romania, Bulgaria, and Greece.
The most alarming technical aspect of the campaign was FancyBear’s method for silently bypassing 2FA. Using a JavaScript module (keyTwoAuth.js), the group exploited a Roundcube webmail XSS vulnerability to extract TOTP secrets and recovery codes from authenticated sessions without victim interaction. The module parsed the twofactorgauthenticator plugin settings, encoded the stolen data, and exfiltrated it to the group’s C2 server (zhblz.com) under the log prefix ktfu. Researchers recovered 516 log entries from 108 unique victim addresses, with 256 accounts having their TOTP secrets compromised, including targets at Romania’s Air Force, Greece’s GEETHA, Ukraine’s Asset Recovery Agency, and Serbia’s Ministry of Defence. The remaining 260 accounts had no 2FA enabled, making them trivial to access.
The exposure underscores the group’s persistent reliance on known infrastructure despite prior attribution, as well as the sophistication of its 2FA bypass techniques. While the incident provides defenders with critical intelligence, it also highlights the ongoing threat posed by FancyBear to NATO-aligned governments and military organizations.
MARCH 2026: 687
Vulnerability
01 Mar 2026 • TP-Link
MikroTik, Government agencies and TP-Link: Russia-Linked Hackers Hijack Routers to Steal Passwords, UK Says
Russian GRU-Linked Hackers Exploit Routers in Global Credential Theft Campaign
Score: 682 | Severity: CRITICAL-5 | Incident ID: MIKGOVTP-1775579498
Russian GRU-Linked Hackers Exploit Routers in Global Credential Theft Campaign
The U.K.’s National Cyber Security Centre (NCSC) has issued a warning about a sophisticated cyber espionage campaign conducted by APT28, a hacking group tied to Russia’s GRU military intelligence agency. The attackers are compromising widely used internet routers, primarily from manufacturers MikroTik and TP-Link, to intercept and redirect traffic through malicious servers under their control.
By altering router settings, the hackers gain the ability to steal passwords, manipulate data, and expand access to targeted networks. The NCSC’s alert highlights the risks of credential theft and broader system compromise, though neither MikroTik nor TP-Link has publicly responded to the findings.
Paul Chichester, the NCSC’s Director of Operations, emphasized that the campaign exploits vulnerabilities in common networking hardware, underscoring the threat posed by state-backed actors targeting critical infrastructure.
Parallel research from Lumen Technologies’ Black Lotus Labs revealed the campaign’s global scale, identifying thousands of potential victims across at least 120 countries. Primary targets included government agencies, such as foreign ministries and law enforcement, as well as third-party email providers.
The incident reflects growing international concern over router security. In a related move, the U.S. Federal Communications Commission (FCC) recently banned the sale of certain foreign-made consumer routers, citing supply-chain vulnerabilities that could enable large-scale disruptions to critical infrastructure.
The NCSC and Lumen’s findings provide technical guidance for mitigating such attacks, though the full scope of the campaign’s impact remains under investigation.
FEBRUARY 2026: 691
Vulnerability
26 Feb 2026 • TP-Link
Tenda, TP-Link and Netgear: Researchers discover massive Wi-Fi vulnerability affecting multiple access points — AirSnitch lets attackers on the same network intercept data and launch machine-in-the-middle attacks
AirSnitch: Wi-Fi Vulnerability Exploiting Network Stack Weaknesses
Score: 687 | Severity: CRITICAL-4 | Incident ID: TENTP-NET1772144683
Researchers Uncover Wi-Fi Vulnerability "AirSnitch" Exploiting Network Stack Weaknesses
A team of researchers from the University of California, Riverside, has identified a critical flaw in Wi-Fi security dubbed AirSnitch, which allows attackers to intercept network traffic even on networks with client isolation enabled. The vulnerability exploits gaps in how Wi-Fi links MAC addresses, encryption keys, and IP addresses across network layers (1, 2, and 3), enabling attackers to impersonate devices and reroute traffic.
Lead researcher Xin’an Zhou warned that AirSnitch "breaks worldwide Wi-Fi encryption" and could facilitate advanced attacks, including cookie theft, DNS poisoning, and cache manipulation, by effectively wiretapping the network. Unlike traditional exploits, AirSnitch does not crack encryption but instead undermines the assumption that encrypted clients are fully isolated from one another.
The attack leverages four primary methods to bypass client isolation:
1. Shared Key Abuse – Exploiting the Group Temporal Key (GTK) used in most networks to broadcast malicious packets disguised as legitimate traffic.
2. Gateway Bouncing – Sending data to an access point addressed to a gateway MAC, tricking the gateway into forwarding it to the victim.
3. MAC Spoofing (Downlink) – Mimicking a victim’s MAC address to intercept their incoming traffic.
4. MAC Spoofing (Uplink) – Impersonating backend devices (e.g., gateways) to capture outgoing traffic from a target.
The vulnerability was confirmed across five consumer routers (Netgear Nighthawk x6 R8000, Tenda RX2 Pro, D-LINK DIR-3040, TP-Link Archer AXE75, Asus RT-AX57), two open-source firmwares (DD-WRT v3.0-r44715, OpenWrt 24.10), and two university enterprise networks, indicating the flaw is inherent to Wi-Fi architecture rather than specific hardware.
While the attack is complex, researchers emphasize that the findings highlight systemic weaknesses in Wi-Fi security, urging manufacturers and standards bodies to address these flaws in future protocols. The discovery underscores the need for stronger client isolation mechanisms to prevent such exploits.
JANUARY 2026: 693
Vulnerability
20 Jan 2026 • TP-Link
TP-Link: TP-Link’s Vulnerability: Critical Patch for VIGI Cameras
TP-Link Patches Critical Vulnerability in VIGI Camera Line
Score: 689 | Severity: CRITICAL-4 | Incident ID: TP-1768906567
TP-Link Patches Critical Vulnerability in VIGI Camera Line
TP-Link has released an urgent security patch for a critical vulnerability in its VIGI camera series, which exposed over 2,500 internet-connected devices to potential unauthorized remote access. The flaw, discovered by a cybersecurity researcher during routine security checks, could have allowed attackers to execute remote code (RCE), risking exposure of private footage or manipulation of camera functions.
The vulnerability posed severe security implications, including the potential for malicious actors to compromise monitoring systems. TP-Link responded swiftly by deploying a security update to mitigate the risk, emphasizing the importance of timely patching to prevent exploitation.
The incident underscores the ongoing need for proactive security measures, including regular software updates and system monitoring, to address vulnerabilities in connected devices before they can be exploited.
DECEMBER 2025: 690
NOVEMBER 2025: 706
Cyber Attack
01 Nov 2025 • TP-Link
OpenClaw, Notepad++, Hikvision, Apache Syncope, Foxit, TP-Link, Cisco, Google Chrome and Arista NG Firewall: ⚡ Weekly Recap: AI Skill Malware, 31Tbps DDoS, Notepad++ Hack, LLM Backdoors and More
Cybersecurity Roundup: Trust Abuse, AI Risks, and Supply Chain Attacks Dominate Threat Landscape
Score: 688 | Severity: CRITICAL-18 | Incident ID: TP-HIKFOXGOOREVARITHEOPECIS1770645410
Cybersecurity Roundup: Trust Abuse, AI Risks, and Supply Chain Attacks Dominate Threat Landscape
This week’s cybersecurity developments highlight a growing trend: attackers are increasingly exploiting trusted systems (AI platforms, software updates, messaging apps, and open-source ecosystems) to bypass security controls. Below are the key incidents and trends shaping the threat landscape.
### AI and Open-Source Ecosystems Under Siege
OpenClaw, an open-source AI agent framework, has partnered with Google’s VirusTotal to scan uploaded "skills" (AI extensions) for malware, following discoveries of malicious components in its ClawHub marketplace. Researchers warn that AI agents’ broad permissions, persistent memory, and user-controlled configurations create risks like prompt injection, data exfiltration, and supply chain attacks. Trend Micro reported threat actors on Exploit.in discussing OpenClaw for botnet operations, while Veracode noted a surge in typosquatted "claw" packages on npm and PyPI, from zero in early 2026 to over 1,000 by February.
Meanwhile, MoltBook, an AI-driven social platform built on OpenClaw, faces scrutiny after Simula Research Laboratory identified 506 prompt injection attacks, social engineering exploits, and unregulated cryptocurrency activity comprising 19.3% of its content. The platform’s autonomous AI agents, which interact without human oversight, raise concerns about data privacy and manipulation risks.
Security firm Pillar Security detected active scanning of exposed OpenClaw gateways (port 18789), with attackers bypassing AI layers to target the WebSocket API directly for authentication bypasses and command execution. Censys identified 21,639 exposed OpenClaw instances as of January 2026, underscoring the framework’s outdated trust model, which lacks encryption at rest and containerization.
### Supply Chain Attacks: Trusted Updates as Malware Vectors
A sophisticated supply chain attack targeted Notepad++ between June and December 2025, where threat actors redirected its WinGUp updater to malicious servers. Despite losing access to a compromised hosting provider in September, attackers reused stolen credentials to maintain control until December. The campaign, attributed to Lotus Blossom, exploited weak update verification in older Notepad++ versions, demonstrating how legitimate domains can become malware distribution hubs.
Similarly, Docker’s AI assistant (Ask Gordon) was found vulnerable to remote code execution (RCE) via DockerDash, a flaw in its Model Context Protocol (MCP) Gateway. Attackers could embed malicious instructions in Docker image metadata, which the AI assistant executed without validation. Docker patched the issue in version 4.50.0 (November 2025).
### State-Sponsored Threats and High-Profile Targets
Germany’s BfV and BSI issued a joint advisory warning of state-sponsored phishing attacks via Signal, exploiting the app’s PIN and device-linking features to hijack accounts. Targets included high-ranking officials, military personnel, diplomats, and journalists across Germany and Europe.
In Ukraine, the government implemented a Starlink terminal verification system after confirming Russian forces were using the technology on attack drones. Only registered devices are now permitted to operate in the country.
### DDoS, Botnets, and Emerging Attack Techniques
The AISURU/Kimwolf botnet set a record with a 31.4 Tbps DDoS attack in November 2025, lasting just 35 seconds. Cloudflare mitigated the attack, which was part of a broader campaign ("The Night Before Christmas") starting in December. Overall, DDoS attacks surged 121% in 2025, averaging 5,376 mitigated attacks per hour.
Researchers also uncovered 54 malicious npm packages using EtherHiding, a technique leveraging Ethereum smart contracts to fetch C2 servers, complicating takedown efforts. The malware targets Windows systems with 5+ CPUs, employing sandbox evasion, COM hijacking, and system profiling.
### Linux Threats and Post-Exploitation Frameworks
Cyble discovered ShadowHS, a fileless Linux post-exploitation framework that runs entirely in memory, prioritizing stealth and long-term control. The framework includes modules for credential access, lateral movement, privilege escalation, and data exfiltration, with aggressive defensive tooling enumeration to avoid detection.
### Ransomware, Dark Markets, and Legal Actions
- INC Ransomware suffered a setback after Cyber Centaurs breached its backup server, helping 12 victims recover data. The group, active since 2023, had listed over 100 victims on its leak site.
- Rui-Siang Lin, administrator of the Incognito Market darknet drug marketplace, was sentenced to 30 years in prison for facilitating $105 million in narcotics sales to over 400,000 users.
- Xinbi, a Telegram-based illicit marketplace, processed $17.9 billion in transactions, outlasting competitors like Haowang and Tudou Guarantee, which saw declines of 100% and 74%, respectively.
### Critical Vulnerabilities and Exploits
Notable CVEs disclosed this week include:
- CVE-2026-25049 (n8n)
- CVE-2026-0709 (Hikvision Wireless Access Point)
- CVE-2026-23795 (Apache Syncope)
- CVE-2026-1591/1592 (Foxit PDF Editor Cloud)
- CVE-2026-24512 (ingress-nginx)
- Multiple CVEs in Django, Google Chrome, Cisco, TP-Link, F5 BIG-IP, and Arista NG Firewall
Additionally, XBOW uncovered two Insecure Direct Object Reference (IDOR) flaws in Spree (CVE-2026-22588/22589), allowing unauthorized access to user address data.
### Microsoft’s AI Backdoor Scanner
Microsoft developed a scanner to detect hidden backdoors in open-weight AI models, addressing risks for enterprises relying on third-party large language models (LLMs). The tool identifies three key indicators:
1. Attention shifts when a hidden trigger is present.
2. Leakage of poisoned training data.
3. Partial triggers still activating malicious responses.
The scanner extracts memorized content from models and ranks suspicious substrings as potential triggers.
### Conclusion
This week’s incidents underscore a shift in attacker tactics: exploiting trust in ecosystems, AI workflows, and supply chains rather than relying on traditional malware. As threats evolve, organizations must monitor integrations, verify updates, and secure AI deployments to mitigate risks from both state-sponsored actors and cybercriminals.
OCTOBER 2025: 706
SEPTEMBER 2025: 705
AUGUST 2025: 707
Vulnerability
25 Aug 2025 • TP-Link
TP-Link: TP-Link Vulnerability Allows Authentication Bypass Via Password Recovery Feature
Critical Authentication Bypass Flaw in TP-Link VIGI Cameras Exposes Surveillance Systems to Unauthorized Access
Score: 703 | Severity: CRITICAL-4 | Incident ID: TP-1768921605
Critical Authentication Bypass Flaw in TP-Link VIGI Cameras Exposes Surveillance Systems to Unauthorized Access
A high-severity authentication vulnerability (CVE-2026-0629) has been disclosed in TP-Link’s VIGI surveillance camera lineup, allowing attackers on local networks to reset administrative credentials without authorization. The flaw, rated 8.7 on the CVSS v4.0 scale, affects the web interface’s password recovery function due to improper client-side state manipulation.
Exploiting the vulnerability requires only LAN access, with no elevated privileges, user interaction, or complex attack methods needed. Successful exploitation grants full administrative control over affected devices, enabling attackers to modify configurations, disable security features, access recorded footage, or use compromised cameras as pivot points for lateral network movement.
The flaw impacts 28 VIGI camera series, including the Cx45, Cx55, Cx85, and InSight models, posing significant risks to organizations relying on these devices for critical surveillance. TP-Link has released firmware updates to address the issue, with patched versions available for all affected models. Devices remain vulnerable until updates are applied, and TP-Link has stated it will not be liable for incidents resulting from unpatched systems.
Firmware updates can be downloaded via TP-Link’s regional support portals, including the U.S., global, and India-specific download centers. The advisory underscores the urgency of patching due to the flaw’s ease of exploitation and broad impact on surveillance infrastructure.
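The advisory attributes the flaw to "improper client-side state manipulation" in the password recovery flow, which is the classic mistake of letting the browser carry the "already verified" state. The example below is an added illustration, not TP-Link's code and not a reconstruction of the VIGI firmware: it contrasts a recovery handler that trusts a client-supplied `verified` flag with one that keeps verification state server-side and issues a random, single-use, short-lived token. The recovery answer, the timing values, and the in-memory token store are assumptions made for the example.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets
import time


def _sha256(value: str) -> bytes:
    return hashlib.sha256(value.encode()).digest()


class WeakRecovery:
    """Weak pattern: the 'verified' flag lives in the client's form state, so a
    client can assert it without ever passing the verification step."""

    def __init__(self, admin_password: str):
        self.admin_password = admin_password

    def reset(self, form: dict) -> bool:
        if form.get("verified") == "true":  # trusts client-supplied state
            self.admin_password = form["new_password"]
            return True
        return False


class HardenedRecovery:
    """Hardened pattern: verification happens server-side and yields a random,
    single-use, short-lived token; only that token authorises the reset."""

    def __init__(self, admin_password: str, recovery_answer: str, ttl_seconds: int = 300):
        self.admin_password = admin_password
        self._answer_hash = _sha256(recovery_answer)  # never keep the answer itself
        self._ttl = ttl_seconds
        self._pending: dict[bytes, float] = {}  # sha256(token) -> expiry time

    def begin(self, answer: str, now: float | None = None) -> str | None:
        """Step 1: check the recovery answer; hand back a token only on success."""
        now = time.time() if now is None else now
        if not hmac.compare_digest(_sha256(answer), self._answer_hash):
            return None
        token = secrets.token_urlsafe(32)
        self._pending[_sha256(token)] = now + self._ttl  # store only the hash
        return token

    def reset(self, token: str, new_password: str, now: float | None = None) -> bool:
        """Step 2: accept the reset only for an unexpired token, and consume it."""
        now = time.time() if now is None else now
        expiry = self._pending.pop(_sha256(token), None)  # pop makes it single use
        if expiry is None or now > expiry:
            return False
        self.admin_password = new_password
        return True


if __name__ == "__main__":
    weak = WeakRecovery("original")
    print("weak reset with forged flag:", weak.reset({"verified": "true", "new_password": "x"}))
    hard = HardenedRecovery("original", "blue-heron")
    print("hardened reset with forged flag:", hard.reset("not-a-token", "x"))
    token = hard.begin("blue-heron")
    print("hardened reset with server-issued token:", hard.reset(token, "x"))
```

The point of storing `sha256(token)` rather than the token is that a leaked copy of the server's pending-token table does not by itself permit a reset; the point of `pop` and the expiry is that a captured token is useless after one use or after the window closes. For a LAN-reachable device such as a camera, rate limiting on `begin` would be the next control to add.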
JULY 2025: 706
JUNE 2025: 708
Vulnerability
16 Jun 2025 • TP-Link
TP-Link
TP-Link VIGI NVR Command Injection Vulnerabilities
Score: 704 | Severity: LOW-4 | Incident ID: TP-335072525
Two high-severity vulnerabilities in TP-Link VIGI network video recorder (NVR) systems could allow attackers to execute arbitrary commands on affected devices. The security flaws, identified as CVE-2025-7723 and CVE-2025-7724, impact the VIGI NVR1104H-4P V1 and VIGI NVR2016H-16MP V2 models, posing significant risks to surveillance infrastructure security. Exploiting these vulnerabilities could enable malicious actors to compromise surveillance footage, alter device settings, or use the network video recorders (NVRs) as footholds for further attacks within an organization’s network. One flaw needs login; the other works without credentials, posing a high risk.
MARCH 2025: 708
Vulnerability
01 Mar 2025 • TP-Link
TP-Link
Ballista Botnet Exploiting TP-Link Archer Routers
Score: 703 | Severity: CRITICAL-5 | Incident ID: TP-001031725
The Ballista botnet, taking advantage of an unpatched vulnerability in TP-Link Archer routers, has significantly impacted multiple sectors including manufacturing, healthcare, services, and technology across the U.S., Australia, China, and Mexico. Beyond its widespread presence in various critical industries, this botnet exploits the routers for command and control (C2) channels, enabling DoS/DDoS attacks, data exfiltration, and persistent unauthorized access. With over 6,500 identified vulnerable devices, the threat actors behind Ballista have exhibited sophisticated capabilities that threaten not only individual organizations but also the integrity of IoT devices within critical infrastructure.
FEBRUARY 2025: 764
Breach
01 Feb 2025 • TP-Link
TP-Link
Potential Ban of TP-Link Routers Due to Security Concerns
Score: 707 | Severity: CRITICAL-57 | Incident ID: TP-000022425
TP-Link, a major router manufacturer in the US, is facing a potential ban due to security concerns tied to its Chinese origins. A government investigation underscores fears that TP-Link routers could be compromised by state-sponsored Chinese hackers to infiltrate US systems or be coerced into sharing sensitive information with Chinese intelligence. Despite efforts to demonstrate autonomy from its Chinese counterpart and emphasis on internal security measures, the situation raises questions about national cybersecurity and the potential for economic loss or erosion of consumer trust in the brand.
JANUARY 2025: 768
Vulnerability
01 Jan 2025 • TP-Link
TP-Link: TP-Link Archer Vulnerability Allows Attackers to Seize Control of Routers
Critical Command Injection Flaw in TP-Link Archer MR600 Router
Score: 764 | Severity: CRITICAL-4 | Incident ID: TP-1769604409
Critical Command Injection Flaw Discovered in TP-Link Archer MR600 Router
A high-severity security vulnerability has been identified in the TP-Link Archer MR600 v5, a widely used 4G+ Cat6 wireless router. Tracked as CVE-2025-14756, the flaw is a command injection issue in the device’s administrative interface, allowing authenticated attackers to execute arbitrary system commands.
The vulnerability stems from inadequate input sanitization in the router’s firmware, enabling threat actors to inject malicious commands via the browser developer console. While exploitation requires administrative access, obtained through credential theft, phishing, or default password misuse, the impact is severe. Successful attacks could lead to service disruption (e.g., blocking internet access) or full system compromise, granting attackers control over network traffic, connected devices, or persistent malware installation.
With a CVSS v4.0 score of 8.5 (High), the flaw poses significant risks to confidentiality, integrity, and availability. The attack vector is classified as adjacent, meaning it requires local network access, but the potential damage is substantial.
The vulnerability affects Archer MR600 v5 routers running firmware versions prior to 1.1.0 0.9.1 v0001.0 Build 250930. TP-Link has released a patch to address the issue, implementing stricter input validation. The affected model is not sold in the U.S. but is deployed in regions including Europe and Japan.
Users are urged to update their firmware immediately, as unpatched devices remain vulnerable to attackers with administrative access. TP-Link provides the fix on its global and regional support pages, with administrators advised to back up configurations before applying the update.
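The fix described above is "stricter input validation". The example below is added here to show what that looks like next to the weak pattern it replaces; it is not TP-Link's firmware code and the `/sbin/wifi_set` helper, its `ssid` sub-command, and the SSID character allowlist are placeholders assumed for the example. The weak form builds a shell string from the field (the shape of bug the advisory describes), the hardened form validates the field against an allowlist and passes it as a separate argv element so no shell ever parses it, and a third helper shows correct quoting for the case where a shell cannot be avoided.

```python
import re
import shlex
import subprocess

# Hypothetical firmware helper that applies an SSID. The path is a placeholder
# for this example, not a real TP-Link binary.
WIFI_TOOL = "/sbin/wifi_set"

# Allowlist for the field: a bounded set of printable SSID characters. Anything
# outside it is rejected before the value gets anywhere near a command.
SSID_RE = re.compile(r"[A-Za-z0-9 _.\-]{1,32}")


def weak_shell_command(ssid: str) -> str:
    """Weak pattern: interpolate the field into a shell string. In the weak form
    this string would go to subprocess.run(cmd, shell=True); it is only returned
    here so the example never executes it. Metacharacters pass straight through."""
    return f"{WIFI_TOOL} ssid {ssid}"


def validate_ssid(ssid: str) -> str:
    """Strict allowlist validation; raises on anything outside the allowed set."""
    if not SSID_RE.fullmatch(ssid):
        raise ValueError(f"invalid ssid: {ssid!r}")
    return ssid


def safe_argv(ssid: str) -> list:
    """Hardened: the validated value is its own argv element and no shell is involved,
    so characters like ';' or '`' are just characters in an argument."""
    return [WIFI_TOOL, "ssid", validate_ssid(ssid)]


def quoted_shell_command(ssid: str) -> str:
    """If a shell is unavoidable, validate first and quote second (defence in depth)."""
    return f"{WIFI_TOOL} ssid {shlex.quote(validate_ssid(ssid))}"


def apply_ssid(ssid: str, runner=subprocess.run) -> list:
    """Validate and execute without a shell. `runner` is injectable so the
    behaviour can be checked without running the placeholder binary."""
    argv = safe_argv(ssid)
    runner(argv, check=True)
    return argv


if __name__ == "__main__":
    print("weak    :", weak_shell_command("HomeNet;ls"))
    try:
        safe_argv("HomeNet;ls")
    except ValueError as exc:
        print("hardened:", exc)
    print("argv    :", safe_argv("HomeNet-5G"))
```

Validation before quoting matters because quoting only protects the shell boundary; the called program may still mis-handle odd characters, and a length bound also protects against overlong values reaching a fixed-size buffer in native code.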
JANUARY 2024: 770
Vulnerability
01 Jan 2024 • TP-Link
TP-Link: Russian state hackers are hijacking TP-Link and MikroTik routers to steal Outlook credentials, cybersecurity center warns — APT28 group targets DNS and redirects traffic to attacker-controlled servers
Russian APT28 Exploits SOHO Routers in Large-Scale Credential Harvesting Campaign
Score: 767 | Severity: CRITICAL-3 | Incident ID: TP-1775679846
Russian APT28 Exploits SOHO Routers in Large-Scale Credential Harvesting Campaign
The UK National Cyber Security Centre (NCSC) issued an advisory on Tuesday warning that Russian state-backed hacking group APT28 (also known as Fancy Bear, Forest Blizzard, and Sofacy) has been actively compromising small office and home office (SOHO) routers since early 2024. The group, assessed as Military Intelligence Unit 26165 under Russia’s GRU, is manipulating routers’ DHCP and DNS settings to redirect network traffic through attacker-controlled servers, enabling the theft of passwords and authentication tokens from web and email services.
APT28 deploys malicious DNS resolvers on virtual private servers (VPS), then alters compromised routers to direct downstream devices such as laptops and phones to these servers. When users attempt to access targeted domains (e.g., Outlook, Office 365, and Microsoft authentication services), their traffic is rerouted to adversary-in-the-middle (AitM) infrastructure, while non-targeted requests resolve normally to avoid detection.
The NCSC identified TP-Link WR841N routers as one of the exploited models, likely leveraging CVE-2023-50224, an unauthenticated flaw allowing credential theft via HTTP requests. Once obtained, the attackers rewrite the router’s DHCP DNS settings, replacing the primary DNS with a malicious IP while preserving the original as a secondary fallback. Over 20 TP-Link models, including Archer, WDR, and WR series, have been targeted, alongside MikroTik routers, some of which were compromised in Ukraine, suggesting strategic intelligence value.
The campaign is described as opportunistic, with APT28 casting a broad net across exposed routers before filtering victims for high-value targets. While the NCSC recommends standard mitigations, such as firmware updates, restricted management interfaces, and multi-factor authentication, the advisory underscores the group’s persistent focus on credential harvesting for espionage purposes. APT28 has previously been linked to high-profile breaches, including the 2015 German Bundestag hack and the 2018 intrusion attempt at the Organisation for the Prohibition of Chemical Weapons.
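Both this incident and the March 2026 NCSC entry above describe the same tell: the router's DHCP DNS setting is rewritten so that the primary resolver points at attacker infrastructure while the original stays in place as a secondary. Because that change is visible in every DHCPOFFER the router sends, a defender on the LAN can detect it without touching the router's management interface. The example below is added here and is not code from the NCSC, Lumen, or TP-Link: it decodes the DHCP options field (RFC 2132 tag/length/value encoding, option 6 for DNS servers), compares the advertised resolvers with a constructed trusted list, and names the "primary replaced, fallback kept" pattern specifically. The trusted and rogue addresses are constructed sample values.

```python
from ipaddress import IPv4Address

DHCP_OPT_PAD = 0
DHCP_OPT_DNS = 6          # RFC 2132 "Domain Name Server" option
DHCP_OPT_MSG_TYPE = 53
DHCP_OPT_END = 255
DHCPOFFER = 2

# Resolvers the operator expects routers to hand out (constructed values).
TRUSTED_RESOLVERS = {"192.0.2.53", "198.51.100.53"}


def parse_dhcp_options(blob: bytes) -> dict:
    """Decode the DHCP options field (the bytes after the magic cookie) from
    tag/length/value records into {tag: value bytes}."""
    opts = {}
    i = 0
    while i < len(blob):
        tag = blob[i]
        if tag == DHCP_OPT_END:
            break
        if tag == DHCP_OPT_PAD:
            i += 1
            continue
        length = blob[i + 1]
        opts[tag] = blob[i + 2:i + 2 + length]
        i += 2 + length
    return opts


def dns_servers(opts: dict) -> list:
    """Option 6 carries one or more IPv4 addresses in the order clients use them."""
    raw = opts.get(DHCP_OPT_DNS, b"")
    return [str(IPv4Address(raw[k:k + 4])) for k in range(0, len(raw) - len(raw) % 4, 4)]


def classify(servers: list, trusted: set) -> str:
    """Verdict for the advertised resolver list. 'primary-replaced-fallback-kept'
    is the pattern described above: the first resolver is foreign while an
    original, trusted one survives further down the list."""
    if not servers:
        return "no-dns-option"
    trusted_flags = [s in trusted for s in servers]
    if all(trusted_flags):
        return "ok"
    if not trusted_flags[0] and any(trusted_flags[1:]):
        return "primary-replaced-fallback-kept"
    return "untrusted-resolver"


def audit_offer(blob: bytes, trusted: set = TRUSTED_RESOLVERS) -> tuple:
    """Parse a captured DHCPOFFER options field; returns (servers, verdict)."""
    opts = parse_dhcp_options(blob)
    if opts.get(DHCP_OPT_MSG_TYPE) != bytes([DHCPOFFER]):
        return ([], "not-an-offer")
    servers = dns_servers(opts)
    return (servers, classify(servers, trusted))


def build_offer_options(dns_list: list) -> bytes:
    """Constructed test input: a minimal DHCPOFFER options field carrying option 6."""
    body = b"".join(IPv4Address(s).packed for s in dns_list)
    return bytes([DHCP_OPT_MSG_TYPE, 1, DHCPOFFER, DHCP_OPT_DNS, len(body)]) + body + bytes([DHCP_OPT_END])


# Constructed samples: a clean offer and one with the primary resolver swapped out.
CLEAN_OFFER = build_offer_options(["192.0.2.53", "198.51.100.53"])
TAMPERED_OFFER = build_offer_options(["203.0.113.66", "192.0.2.53"])

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN_OFFER), ("tampered", TAMPERED_OFFER)):
        print(name, *audit_offer(blob))
```

In practice the blob would come from a passive capture of DHCP traffic on the LAN (or from the lease file of a client on it), and the check would run periodically, since the write-up notes that non-targeted lookups still resolve normally, so an ordinary "does DNS work" test will not notice the change.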
Frequently Asked Questions
What is the current A.I Rankiteo Cyber Score for TP-Link?
What was TP-Link's A.I Rankiteo Cyber Score in May 2026?
What was TP-Link's A.I Rankiteo Cyber Score in April 2026?
What was TP-Link's A.I Rankiteo Cyber Score in March 2026?
What was TP-Link's A.I Rankiteo Cyber Score in February 2026?
What was TP-Link's A.I Rankiteo Cyber Score in January 2026?
What was TP-Link's A.I Rankiteo Cyber Score in December 2025?
What was TP-Link's A.I Rankiteo Cyber Score in November 2025?
What was TP-Link's A.I Rankiteo Cyber Score in October 2025?
What was TP-Link's A.I Rankiteo Cyber Score in September 2025?
What was TP-Link's A.I Rankiteo Cyber Score in August 2025?
What was TP-Link's A.I Rankiteo Cyber Score in July 2025?
What is the average per-incident point impact on TP-Link's A.I Rankiteo Cyber Score over the past 12 months?
Where can I access detailed records of all cyber incidents associated with TP-Link?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology?
Where can I view TP-Link's profile page on Rankiteo?
How accurate is the A.I Rankiteo Risk Scoring methodology?