Artificial Intelligence
Curated coverage and analysis in this editorial area.
CERT-In Mandates 12-Hour Patching Window to Combat AI-Driven Exploits
India’s national cyber agency, CERT-In, has established a new 12-hour remediation standard for internet-facing and 'crown jewel' syste…
Poisoned AI Chatbots: A New Vector for High-Performance GPU Cryptojacking
Microsoft has identified an active campaign that manipulates AI chatbot recommendations to distribute GPU-based cryptojacking malware…
Critical Flowise RCE: Exploit Code Released for CVSS 9.9 Vulnerability
Obsidian Security has published proof-of-concept exploit code for CVE-2026-40933, a critical RCE vulnerability in Flowise. The flaw le…
Cyber May: AI Attacks Emerge, but Basic Vectors Remain the Primary Threat
In ESET’s May roundup, Tony Anscombe documents critical infrastructure breaches in Poland, Mexico’s first 'AI-directed' attack, and Go…
AI-Directed Attacks and ICS Vulnerabilities: ESET’s Tony Anscombe on DynoWiper and the First AI Zero-Day
In his May 2026 security review, ESET’s Tony Anscombe analyzes a landscape of extremes: from the first AI-generated zero-day and 'AI-d…
ChatGPhish: ChatGPT Summaries Weaponized as Phishing Traps
The ChatGPhish vulnerability exploits ChatGPT's renderer to inject malicious links and QR codes during web page summarization. OpenAI…
LLM Agent Conducts Autonomous Post-Exploitation via Marimo RCE
Sysdig documents the first case of an LLM agent completely replacing a human operator in post-exploitation following a critical RCE on…
Qumulo NeuralProtect: AI-Driven Ransomware Defense at the Point of Write
Qumulo has announced NeuralProtect, an AI-powered security layer designed to potentially intercept ransomware at the storage level, fe…
Palo Alto Networks Sets Patch Record as Frontier AI Reshapes Vulnerability Discovery
Palo Alto Networks has released its May 2026 Patch Wednesday, disclosing 26 CVEs across more than 130 products. For the first time, th…
OpenAI Codex: Reported Sandbox Escape Disclosed (ZDI-26-305)
A reported sandbox escape in OpenAI Codex (ZDI-26-305) could potentially allow code execution via specific JavaScript repositories. Th…
Nimbus Manticore: Iranian APT Leverages AI-Assisted Backdoors to Target Aviation and Software Sectors
The Iranian threat group Nimbus Manticore has expanded its operations, targeting aviation and software entities across Saudi Arabia, A…
India’s CERT-In Mandates 12-Hour Patch Window to Counter AI-Driven Exploitation
A new 38-page blueprint from CERT-In slashes the remediation window to just 12 hours for exposed systems, citing the rapid weaponizati…