Open-source admin tool zero-day 2FA bypass exploitation wave
Exploitation Wave
Summary
Hide ▲
Show ▼
Google identified a mass vulnerability exploitation operation using a zero-day 2FA bypass against a popular open-source, web-based system administration tool, creating broad account-compromise risk for exposed users. The flaw let attackers bypass two-factor authentication while still relying on valid credentials, making legitimate accounts the entry point. Google said it worked with the impacted vendor to responsibly disclose the issue and get it fixed. The case shows how coordinated threat actors can rapidly weaponize a single semantic logic flaw at scale.
Related Happenings
Prominent cybercrime threat actors AI-assisted zero-day exploitation campaign
Campaign
First: 11.05.2026 16:00
Last: 11.05.2026 16:00
Sources 1
How related:
The activity is said to be the work of cybercrime threat actors who appear to have collaborated together to plan what the tech giant described as a "mass vulnerability exploitation operation."
About this happening:
An **AI-assisted zero-day exploitation campaign** was planned by **prominent cybercrime threat actors**, but the effort was **disrupted before deployment** and did not reach its i...
Prominent cybercrime threat actors AI-assisted zero-day exploitation campaign
CampaignHow related: The activity is said to be the work of cybercrime threat actors who appear to have collaborated together to plan what the tech giant described as a "mass vulnerability exploitation operation."
About this happening: An **AI-assisted zero-day exploitation campaign** was planned by **prominent cybercrime threat actors**, but the effort was **disrupted before deployment** and did not reach its i...
Popular open-source web-based system administration tool zero-day 2FA-bypass security flaw
Vulnerability
First: 11.05.2026 16:00
Last: 11.05.2026 16:00
Sources 1
About this happening:
An **AI-assisted zero-day** in a **popular open-source web-based system administration tool** created a **2FA-bypass** risk before the flaw was closed by the vendor. **GTIG** said...
Popular open-source web-based system administration tool zero-day 2FA-bypass security flaw
VulnerabilityAbout this happening: An **AI-assisted zero-day** in a **popular open-source web-based system administration tool** created a **2FA-bypass** risk before the flaw was closed by the vendor. **GTIG** said...
Google sponsored search ManageWP phishing campaign
Campaign
First: 07.05.2026 00:36
Last: 07.05.2026 00:36
Sources 1
About this happening:
A **phishing campaign** is abusing **Google sponsored search results** to impersonate **ManageWP** and steal login credentials, **2FA codes**, and account access. The operation ma...
Google sponsored search ManageWP phishing campaign
CampaignAbout this happening: A **phishing campaign** is abusing **Google sponsored search results** to impersonate **ManageWP** and steal login credentials, **2FA codes**, and account access. The operation ma...
Google Antigravity prompt-injection fix
Security Patch Release
First: 21.04.2026 13:52
Last: 21.04.2026 13:52
Sources 1
About this happening:
**Google** fixed **Antigravity**'s **prompt injection flaw** in **February**, closing a path that could lead to **sandbox escape** and **remote code execution (RCE)**. The patch f...
Google Antigravity prompt-injection fix
Security Patch ReleaseAbout this happening: **Google** fixed **Antigravity**'s **prompt injection flaw** in **February**, closing a path that could lead to **sandbox escape** and **remote code execution (RCE)**. The patch f...
Google Antigravity critical prompt-injection RCE flaw
Vulnerability
First: 21.04.2026 13:52
Last: 21.04.2026 13:52
Sources 1
About this happening:
**Google** fixed a critical **Antigravity** flaw that let a **prompt injection** bypass **Secure Mode** and escalate to **sandbox escape** and **remote code execution (RCE)**. The...
Google Antigravity critical prompt-injection RCE flaw
VulnerabilityAbout this happening: **Google** fixed a critical **Antigravity** flaw that let a **prompt injection** bypass **Secure Mode** and escalate to **sandbox escape** and **remote code execution (RCE)**. The...
Timeline
-
11.05.2026 18:45 2 articles · 16d ago
Google discloses AI-assisted zero-day 2FA bypass campaign
Initial DisclosureGoogle disclosed an unknown threat actor that used a zero-day exploit likely developed with an AI model to bypass two-factor authentication on a popular open-source, web-based system administration tool. The vulnerability was implemented in a Python script, required valid user credentials, and was described as part of a planned mass vulnerability exploitation operation; Google said it worked with the impacted vendor to responsibly disclose the flaw and get it fixed.
Show sources
- Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation — thehackernews.com — 11.05.2026 18:45
- Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation — thehackernews.com — 11.05.2026 18:45