First observed in-the-wild AI-assisted zero-day 2FA bypass in web-based system administration tool
Summary
A previously unknown cybercrime group deployed the first documented AI-assisted zero-day exploit capable of bypassing two-factor authentication (2FA) in a widely used open-source web-based system administration tool. The exploit, a Python script with LLM-like code patterns and hallucinated documentation, was likely discovered and refined with the help of an AI system. Exploitation required valid credentials and abused a semantic logic flaw rooted in a hard-coded trust assumption in the tool's authentication flow. Google's Threat Intelligence Group (GTIG) worked with the vendor to remediate the issue and disrupt the campaign, which was being prepared as a large-scale exploitation operation.
Timeline
-
11.05.2026 18:45 · 1 article
AI-assisted zero-day 2FA bypass exploited in mass operation; PromptSpy malware expands autonomous capabilities
Google Threat Intelligence Group (GTIG) disclosed a zero-day 2FA bypass vulnerability in a web-based system administration tool, weaponized via an LLM-generated Python script and attributed to cybercrime actors planning a mass exploitation operation. Google also detailed PromptSpy, an Android backdoor with autonomous agent capabilities that interprets real-time user activity, captures biometric data for PIN replay, and blocks uninstallation via touch event obfuscation. Its C2 infrastructure and API keys are dynamically reloadable, enabling operational resilience against defensive takedowns.
- Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation — thehackernews.com — 11.05.2026 18:45
Information Snippets
-
The exploit for the zero-day 2FA bypass was delivered as a Python script with LLM-generated characteristics: extensive docstrings, hallucinated CVSS scores, and textbook-structured formatting.
First reported: 11.05.2026 18:45 · 1 source, 1 article
- Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation — thehackernews.com — 11.05.2026 18:45
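The three indicators named above (docstring density, self-assigned CVSS scores, textbook section formatting) can be turned into a cheap triage heuristic for scripts recovered during incident response. The following is an added example written for this page, not code from GTIG or the article; the thresholds, the regular expressions and both sample scripts are assumptions constructed for the illustration, and the result is a triage hint, not attribution.

```python
"""Heuristic triage of a Python source file for LLM-generation indicators:
high docstring density, a self-assigned CVSS score, and ruled section headers.
Added example for this page; thresholds and samples are assumptions."""
import ast
import re

# Constructed sample: an exploit-style script showing all three indicators.
SAMPLE_SCRIPT = '''
"""
Exploit Module
==============
CVSS Score: 9.8 (Critical)
This module demonstrates the authentication bypass.
"""
import sys

# ---------------------------------------------------------------------------
# Configuration
# ---------------------------------------------------------------------------
TARGET = "http://example.invalid"

def login(user, password):
    """Authenticate against the target.

    Args:
        user: The username.
        password: The password.

    Returns:
        A session token.
    """
    return user + password

def bypass(token):
    """Bypass the second factor.

    Args:
        token: The session token.

    Returns:
        True on success.
    """
    return bool(token)
'''

# Constructed contrast: a terse hand-written script with none of the indicators.
TERSE_SCRIPT = '''
import sys
def login(u, p):
    return u + p  # quick hack
print(login(sys.argv[1], sys.argv[2]))
'''

# "CVSS" followed within 20 chars by a score such as 9.8 (assumed pattern).
CVSS_RE = re.compile(r"CVSS[^\n]{0,20}?(\d{1,2}\.\d)", re.IGNORECASE)
# A comment line that is only a long rule of dashes or equals signs.
RULE_RE = re.compile(r"^#\s*[-=]{20,}\s*$", re.MULTILINE)


def llm_indicators(source: str) -> dict:
    """Measure the three indicators on one source string."""
    tree = ast.parse(source)
    defs = [n for n in ast.walk(tree)
            if isinstance(n, (ast.FunctionDef, ast.AsyncFunctionDef, ast.ClassDef))]
    nodes = [tree] + defs                      # module docstring counts too
    documented = sum(1 for n in nodes if ast.get_docstring(n))
    docstring_chars = sum(len(ast.get_docstring(n) or "") for n in nodes)
    return {
        "docstring_ratio": documented / len(nodes),
        "docstring_share": docstring_chars / max(len(source), 1),
        "cvss_scores": [float(m) for m in CVSS_RE.findall(source)],
        "section_rules": len(RULE_RE.findall(source)),
    }


def triage(source: str) -> tuple[bool, list[str]]:
    """Flag the file when at least two indicators exceed the assumed thresholds."""
    ind = llm_indicators(source)
    reasons = []
    if ind["docstring_ratio"] >= 0.8 and ind["docstring_share"] >= 0.25:
        reasons.append("every definition carries a long docstring")
    if ind["cvss_scores"]:
        reasons.append(f"self-assigned CVSS score(s): {ind['cvss_scores']}")
    if ind["section_rules"] >= 2:
        reasons.append("ruled section headers")
    return len(reasons) >= 2, reasons


if __name__ == "__main__":
    for name, src in (("sample", SAMPLE_SCRIPT), ("terse", TERSE_SCRIPT)):
        flagged, why = triage(src)
        print(name, "FLAGGED" if flagged else "clean", why)
```

Well-documented legitimate tooling will also trip the docstring rule, which is why the verdict requires two independent indicators; the CVSS rule is the most specific one, since an exploit author who did not run a scoring calculator has no reason to print a score.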
-
Exploitation required valid user credentials and exploited a semantic logic flaw arising from a hard-coded trust assumption in the target tool’s authentication flow.
First reported: 11.05.2026 18:45 · 1 source, 1 article
- Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation — thehackernews.com — 11.05.2026 18:45
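The article does not say what the hard-coded trust assumption was, so the following is a generic illustration of the flaw class rather than the affected tool's code: a credential login in which the second factor is skipped whenever a request carries a property the server has been hard-coded to trust, but which the client controls. It is an added example written for this page; the user record, the stand-in OTP generator (a fixed window instead of real TOTP), the `X-Internal-Request` marker and the server key are all assumptions. The hardened variant shows the only acceptable way to skip the factor: a server-minted, HMAC-bound device token.

```python
"""Generic 2FA-bypass pattern: trust derived from a hard-coded, client-controlled
property, beside a version that derives trust only from server-held secrets.
Added example for this page; nothing here is the affected tool's code."""
import hashlib
import hmac
import secrets

# Constructed user record (not real credentials).
USERS = {"admin": {"password": "correct horse", "otp_secret": b"example-otp-secret"}}
TIME_WINDOW = b"window-0"                  # constant so the example is deterministic
SERVER_KEY = secrets.token_bytes(32)       # never leaves the server


def password_ok(user: str, password: str) -> bool:
    rec = USERS.get(user)
    return rec is not None and hmac.compare_digest(rec["password"], password)


def current_code(user: str) -> str:
    """Stand-in for TOTP: 6 digits from HMAC(secret, window)."""
    mac = hmac.new(USERS[user]["otp_secret"], TIME_WINDOW, hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 1_000_000:06d}"


def otp_ok(user: str, code: str) -> bool:
    return user in USERS and hmac.compare_digest(current_code(user), code)


def issue_session(user: str) -> str:
    return f"{user}:{secrets.token_hex(16)}"


def login_vulnerable(user: str, password: str, code: str, headers: dict):
    """VULNERABLE: valid credentials plus a client-set marker skip the OTP check.
    The hard-coded assumption is that 'internal' requests already passed 2FA
    elsewhere; the server never verifies that the marker came from itself."""
    if not password_ok(user, password):
        return None
    if headers.get("X-Internal-Request") != "1":      # the assumed trust flaw
        if not otp_ok(user, code):
            return None
    return issue_session(user)


def mint_device_token(user: str) -> str:
    """Issued by the server only after a full credential + OTP login."""
    return hmac.new(SERVER_KEY, user.encode(), hashlib.sha256).hexdigest()


def device_token_ok(user: str, token: str) -> bool:
    return hmac.compare_digest(mint_device_token(user), token)


def login_hardened(user: str, password: str, code: str, headers: dict):
    """The second factor is required unless the client proves a prior full login
    with a token only the server could have minted; no client-asserted
    property selects a code path that skips the check."""
    if not password_ok(user, password):
        return None
    if not (device_token_ok(user, headers.get("X-Device-Token", ""))
            or otp_ok(user, code)):
        return None
    return issue_session(user)


if __name__ == "__main__":
    spoof = {"X-Internal-Request": "1"}
    print("vulnerable, wrong OTP, spoofed marker:",
          login_vulnerable("admin", "correct horse", "000000", spoof))
    print("hardened,   wrong OTP, spoofed marker:",
          login_hardened("admin", "correct horse", "000000", spoof))
```

The review question for any 2FA flow is which inputs can cause the factor check to be skipped; every such input must be something only the server could have produced (a signed token, server-side session state), never a header, parameter, origin claim or hostname the caller can set.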
-
Google attributed the campaign to cybercrime actors collaborating on a mass exploitation operation and coordinated with the affected vendor for responsible disclosure and patching.
First reported: 11.05.2026 18:45 · 1 source, 1 article
- Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation — thehackernews.com — 11.05.2026 18:45
-
The threat actor likely used an AI system to assist in discovering, validating, and weaponizing the vulnerability, making this the first observed in-the-wild malicious use of AI to develop a zero-day exploit.
First reported: 11.05.2026 18:45 · 1 source, 1 article
- Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation — thehackernews.com — 11.05.2026 18:45
-
Google also identified broader AI-enabled threats including PromptSpy malware (Android), which autonomously interprets user activity, captures biometric data for PIN replay, and prevents uninstallation via touch event obfuscation.
First reported: 11.05.2026 18:45 · 1 source, 1 article
- Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation — thehackernews.com — 11.05.2026 18:45
-
Other AI abuse campaigns involved China-nexus espionage groups (e.g., UNC2814) using persona-driven jailbreaks for embedded device vulnerability research, North Korean APT45 validating PoCs via recursive CVE analysis, and Russian clusters employing AI-generated decoy code in malware families CANFAIL and LONGSTREAM.
First reported: 11.05.2026 18:45 · 1 source, 1 article
- Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation — thehackernews.com — 11.05.2026 18:45
-
Shadow API relay platforms in China provide unauthorized, regional-bypass access to models like Anthropic Claude and Google Gemini, exposing users to model substitution and full prompt/response interception for illicit fine-tuning or knowledge extraction.
First reported: 11.05.2026 18:45 · 1 source, 1 article
- Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation — thehackernews.com — 11.05.2026 18:45