Open-source admin tool zero-day 2FA bypass exploitation wave
Exploitation Wave
Summary
Hide ▲
Show ▼
Google identified a mass vulnerability exploitation operation using a zero-day 2FA bypass against a popular open-source, web-based system administration tool, creating broad account-compromise risk for exposed users. The flaw let attackers bypass two-factor authentication while still relying on valid credentials, making legitimate accounts the entry point. Google said it worked with the impacted vendor to responsibly disclose the issue and get it fixed. The case shows how coordinated threat actors can rapidly weaponize a single semantic logic flaw at scale.
Related Happenings
Google Dialogflow CX Code Blocks shared-runtime isolation security flaw
Vulnerability
H score32
First: 07.07.2026 19:37
Last: 07.07.2026 19:37
Sources 1
About this happening:
**Google Dialogflow CX Code Blocks** had a shared-runtime isolation flaw that could let one editable agent affect other **Code Block-enabled agents** in the same **Google Cloud pr...
Google Dialogflow CX Code Blocks shared-runtime isolation security flaw
VulnerabilityAbout this happening: **Google Dialogflow CX Code Blocks** had a shared-runtime isolation flaw that could let one editable agent affect other **Code Block-enabled agents** in the same **Google Cloud pr...
Prominent cybercrime threat actors AI-assisted zero-day exploitation campaign
Campaign
H score30
First: 11.05.2026 16:00
Last: 11.05.2026 16:00
Sources 1
How related:
The activity is said to be the work of cybercrime threat actors who appear to have collaborated together to plan what the tech giant described as a "mass vulnerability exploitation operation."
About this happening:
An **AI-assisted zero-day exploitation campaign** was planned by **prominent cybercrime threat actors**, but the effort was **disrupted before deployment** and did not reach its i...
Prominent cybercrime threat actors AI-assisted zero-day exploitation campaign
CampaignHow related: The activity is said to be the work of cybercrime threat actors who appear to have collaborated together to plan what the tech giant described as a "mass vulnerability exploitation operation."
About this happening: An **AI-assisted zero-day exploitation campaign** was planned by **prominent cybercrime threat actors**, but the effort was **disrupted before deployment** and did not reach its i...
Popular open-source web-based system administration tool zero-day 2FA-bypass security flaw
Vulnerability
H score5
First: 11.05.2026 16:00
Last: 11.05.2026 16:00
Sources 1
About this happening:
An **AI-assisted zero-day** in a **popular open-source web-based system administration tool** created a **2FA-bypass** risk before the flaw was closed by the vendor. **GTIG** said...
Popular open-source web-based system administration tool zero-day 2FA-bypass security flaw
VulnerabilityAbout this happening: An **AI-assisted zero-day** in a **popular open-source web-based system administration tool** created a **2FA-bypass** risk before the flaw was closed by the vendor. **GTIG** said...
Google sponsored search ManageWP phishing campaign
Campaign
H score13
First: 07.05.2026 00:36
Last: 07.05.2026 00:36
Sources 1
About this happening:
A **phishing campaign** is abusing **Google sponsored search results** to impersonate **ManageWP** and steal login credentials, **2FA codes**, and account access. The operation ma...
Google sponsored search ManageWP phishing campaign
CampaignAbout this happening: A **phishing campaign** is abusing **Google sponsored search results** to impersonate **ManageWP** and steal login credentials, **2FA codes**, and account access. The operation ma...
Google Antigravity prompt-injection fix
Security Patch Release
H score31
First: 21.04.2026 13:52
Last: 21.04.2026 13:52
Sources 1
About this happening:
**Google** fixed **Antigravity**'s **prompt injection flaw** in **February**, closing a path that could lead to **sandbox escape** and **remote code execution (RCE)**. The patch f...
Google Antigravity prompt-injection fix
Security Patch ReleaseAbout this happening: **Google** fixed **Antigravity**'s **prompt injection flaw** in **February**, closing a path that could lead to **sandbox escape** and **remote code execution (RCE)**. The patch f...
Timeline
-
11.05.2026 18:45 2 articles · 1mo ago
Google discloses AI-assisted zero-day 2FA bypass campaign
Initial DisclosureGoogle disclosed an unknown threat actor that used a zero-day exploit likely developed with an AI model to bypass two-factor authentication on a popular open-source, web-based system administration tool. The vulnerability was implemented in a Python script, required valid user credentials, and was described as part of a planned mass vulnerability exploitation operation; Google said it worked with the impacted vendor to responsibly disclose the flaw and get it fixed.
Show sources
- Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation — thehackernews.com — 11.05.2026 18:45
- Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation — thehackernews.com — 11.05.2026 18:45