Popular open-source web-based system administration tool zero-day 2FA-bypass security flaw
Vulnerability
Summary
Hide ▲
Show ▼
An AI-assisted zero-day in a popular open-source web-based system administration tool created a 2FA-bypass risk before the flaw was closed by the vendor. GTIG said the issue was contained before operational exploitation, limiting immediate exposure. The case matters because it shows AI-assisted weaponization of a previously unknown weakness in an internet-facing admin platform.
Related Happenings
Open-source admin tool zero-day 2FA bypass exploitation wave
Exploitation Wave
First: 11.05.2026 18:45
Last: 11.05.2026 18:45
Sources 1
About this happening:
Google identified a **mass vulnerability exploitation operation** using a **zero-day 2FA bypass** against a **popular open-source, web-based system administration tool**, creating...
Open-source admin tool zero-day 2FA bypass exploitation wave
Exploitation WaveAbout this happening: Google identified a **mass vulnerability exploitation operation** using a **zero-day 2FA bypass** against a **popular open-source, web-based system administration tool**, creating...
Prominent cybercrime threat actors AI-assisted zero-day exploitation campaign
Campaign
First: 11.05.2026 16:00
Last: 11.05.2026 16:00
Sources 1
How related:
Published on May 11, the GTIG AI Threat Tracker report said that “prominent” cybercrime threat actors partnered to plan a mass vulnerability exploitation operation.
About this happening:
An **AI-assisted zero-day exploitation campaign** was planned by **prominent cybercrime threat actors**, but the effort was **disrupted before deployment** and did not reach its i...
Prominent cybercrime threat actors AI-assisted zero-day exploitation campaign
CampaignHow related: Published on May 11, the GTIG AI Threat Tracker report said that “prominent” cybercrime threat actors partnered to plan a mass vulnerability exploitation operation.
About this happening: An **AI-assisted zero-day exploitation campaign** was planned by **prominent cybercrime threat actors**, but the effort was **disrupted before deployment** and did not reach its i...
Google GTIG analysis of adversary AI use for exploit development and attack orchestration
Technical Analysis
First: 11.05.2026 16:00
Last: 11.05.2026 16:00
Sources 1
About this happening:
**Google Threat Intelligence Group** published findings showing **adversaries using AI** for **exploit development** and **attack orchestration**, signaling that model-assisted tr...
Google GTIG analysis of adversary AI use for exploit development and attack orchestration
Technical AnalysisAbout this happening: **Google Threat Intelligence Group** published findings showing **adversaries using AI** for **exploit development** and **attack orchestration**, signaling that model-assisted tr...
Widespread exposure and misconfiguration in self-hosted AI infrastructure
Target Trend
First: 05.05.2026 13:30
Last: 05.05.2026 13:30
Sources 1
About this happening:
A large-scale measurement found **self-hosted AI infrastructure** was being deployed with **widespread exposure and no authentication**, creating a broad risk of data theft, workf...
Widespread exposure and misconfiguration in self-hosted AI infrastructure
Target TrendAbout this happening: A large-scale measurement found **self-hosted AI infrastructure** was being deployed with **widespread exposure and no authentication**, creating a broad risk of data theft, workf...
Google Antigravity critical prompt-injection RCE flaw
Vulnerability
First: 21.04.2026 13:52
Last: 21.04.2026 13:52
Sources 1
About this happening:
**Google** fixed a critical **Antigravity** flaw that let a **prompt injection** bypass **Secure Mode** and escalate to **sandbox escape** and **remote code execution (RCE)**. The...
Google Antigravity critical prompt-injection RCE flaw
VulnerabilityAbout this happening: **Google** fixed a critical **Antigravity** flaw that let a **prompt injection** bypass **Secure Mode** and escalate to **sandbox escape** and **remote code execution (RCE)**. The...
Timeline
-
11.05.2026 16:00 2 articles · 16d ago
GTIG warns of AI-assisted zero-day against an admin tool
Initial DisclosureGoogle Threat Intelligence Group said it saw the first evidence of a threat actor using AI to identify and weaponize a zero-day vulnerability to bypass two-factor authentication (2FA) protections on a popular open-source, web-based system administration tool, and said it worked with the system admin tool vendor to close the flaw and disrupt the campaign before exploitation.
Show sources
- Hackers Observed Using AI to Develop Zero-Day for the First Time — www.infosecurity-magazine.com — 11.05.2026 16:00
- Hackers Observed Using AI to Develop Zero-Day for the First Time — www.infosecurity-magazine.com — 11.05.2026 16:00