Find notable cyber news and cases, enriched with sources, timelines, and signals.

Popular open-source web-based system administration tool zero-day 2FA-bypass security flaw

Vulnerability
First reported
Last updated
Happening score
H score 5
1 unique sources, 1 articles

Summary

Hide ▲

An AI-assisted zero-day in a popular open-source web-based system administration tool created a 2FA-bypass risk before the flaw was closed by the vendor. GTIG said the issue was contained before operational exploitation, limiting immediate exposure. The case matters because it shows AI-assisted weaponization of a previously unknown weakness in an internet-facing admin platform.

Related Happenings

OpenAI ChatGPT Atlas BioShocking fix

Advisory/Mitigation
H score34 First: 01.07.2026 00:50 Last: 01.07.2026 00:50 Sources 1

About this happening: OpenAI delivered a **working fix** for **BioShocking** in **ChatGPT Atlas**, closing a prompt-injection path that could push an AI browser toward unsafe real-world actions and **c...

GC3 AI hackathons for government code remediation

Public Sector Action
H score28 First: 15.06.2026 12:30 Last: 15.06.2026 12:30 Sources 1

About this happening: **GC3** ran weekly AI hackathons that uncovered and helped remediate **407 vulnerabilities** across **nine UK government departments**, reducing exploitable risk in public-sector...

Open-source admin tool zero-day 2FA bypass exploitation wave

Exploitation Wave
H score6 First: 11.05.2026 18:45 Last: 11.05.2026 18:45 Sources 1

About this happening: Google identified a **mass vulnerability exploitation operation** using a **zero-day 2FA bypass** against a **popular open-source, web-based system administration tool**, creating...

Prominent cybercrime threat actors AI-assisted zero-day exploitation campaign

Campaign
H score30 First: 11.05.2026 16:00 Last: 11.05.2026 16:00 Sources 1

How related: Published on May 11, the GTIG AI Threat Tracker report said that “prominent” cybercrime threat actors partnered to plan a mass vulnerability exploitation operation.

About this happening: An **AI-assisted zero-day exploitation campaign** was planned by **prominent cybercrime threat actors**, but the effort was **disrupted before deployment** and did not reach its i...

Google GTIG analysis of adversary AI use for exploit development and attack orchestration

Technical Analysis
H score33 First: 11.05.2026 16:00 Last: 11.05.2026 16:00 Sources 1

About this happening: **Google Threat Intelligence Group** published findings showing **adversaries using AI** for **exploit development** and **attack orchestration**, signaling that model-assisted tr...

Timeline

  1. 11.05.2026 16:00 2 articles · 1mo ago

    GTIG warns of AI-assisted zero-day against an admin tool

    Initial Disclosure

    Google Threat Intelligence Group said it saw the first evidence of a threat actor using AI to identify and weaponize a zero-day vulnerability to bypass two-factor authentication (2FA) protections on a popular open-source, web-based system administration tool, and said it worked with the system admin tool vendor to close the flaw and disrupt the campaign before exploitation.

    Show sources