Prominent cybercrime threat actors AI-assisted zero-day exploitation campaign
Campaign
Summary
An AI-assisted zero-day exploitation campaign was planned by prominent cybercrime threat actors, but the effort was disrupted before deployment and did not reach its intended target. The operation aimed to use a newly found flaw to bypass 2FA on a popular open-source, web-based system administration tool. The tooling showed signs of AI-generated development, including highly structured docstrings and a hallucinated CVSS score. The case matters because it shows how AI can speed up vulnerability discovery and weaponization.
Related Happenings
Open-source admin tool zero-day 2FA bypass exploitation wave
Exploitation Wave
First: 11.05.2026 18:45
Last: 11.05.2026 18:45
Sources 1
How related:
The activity is said to be the work of cybercrime threat actors who appear to have collaborated together to plan what the tech giant described as a "mass vulnerability exploitation operation."
About this happening:
Google identified a **mass vulnerability exploitation operation** using a **zero-day 2FA bypass** against a **popular open-source, web-based system administration tool**, creating...
Google GTIG analysis of adversary AI use for exploit development and attack orchestration
Technical Analysis
First: 11.05.2026 16:00
Last: 11.05.2026 16:00
Sources 1
How related:
Although there is no evidence to suggest that Google's Gemini AI tool was used to aid the threat actors, GTIG assessed with high confidence that an AI model was weaponized to facilitate the discovery and weaponization of the flaw via a Python script that featured all hallmarks typically associated with large language model (LLM)-generated code.
About this happening:
**Google Threat Intelligence Group** published findings showing **adversaries using AI** for **exploit development** and **attack orchestration**, signaling that model-assisted tr...
Popular open-source web-based system administration tool zero-day 2FA-bypass security flaw
Vulnerability
First: 11.05.2026 16:00
Last: 11.05.2026 16:00
Sources 1
How related:
An AI model was likely used to identify a zero-day vulnerability and weaponize it to bypass two-factor authentication (2FA) protections on a popular open-source, web-based system administration tool.
About this happening:
An **AI-assisted zero-day** in a **popular open-source web-based system administration tool** created a **2FA-bypass** risk before the flaw was closed by the vendor. **GTIG** said...
China-nexus agentic tools attack campaign targeting Japanese technology and East Asian cybersecurity organizations
Campaign
First: 11.05.2026 16:00
Last: 11.05.2026 16:00
Sources 1
About this happening:
A **China-nexus actor** used **agentic tools** in a targeted attack against a **Japanese technology firm** and an **East Asian cybersecurity platform**, showing how AI-driven orch...
OpenAI expands Trusted Access for Cyber to government cyber defenders
Security Tool/Service
First: 04.05.2026 11:00
Last: 04.05.2026 11:00
Sources 1
About this happening:
**OpenAI** expanded its **Trusted Access for Cyber (TAC)** program to **federal, state, and local governments**, broadening a defender-access system for cyber response and critica...
Timeline
11.05.2026 16:00 · 2 articles
GTIG discloses AI-assisted zero-day campaign
Initial Disclosure
Google Threat Intelligence Group said prominent cybercrime threat actors planned a mass vulnerability exploitation operation that used an AI model to identify and weaponize a zero-day vulnerability to bypass two-factor authentication (2FA) on a popular open-source, web-based system administration tool. GTIG said it worked with the system admin tool vendor to close the flaw and disrupt the campaign before the new zero-day could be exploited, and its analysis found Python code with highly structured educational docstrings and a hallucinated CVSS score that suggested AI-generated assistance.
Sources:
- Hackers Observed Using AI to Develop Zero-Day for the First Time — www.infosecurity-magazine.com — 11.05.2026 16:00
- Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation — thehackernews.com — 11.05.2026 18:45