Under $100 AI poisoning and Shark vacuum AWS hijack
A researcher showed that an open‑weight language model can be poisoned using less than $100 in compute and cloud credits, exposing how inexpensive supply‑chain attacks can compromise AI trust. The proof‑of‑concept runs on a public LLaMA‑derived model and demonstrates stealthy backdoor insertion.
A Shark RV2320EDUS robot vacuum’s AWS IoT certificate can be used to issue root commands to any Shark vacuum in the same AWS region, exposing live camera feeds, home maps, and Wi‑Fi passwords. The flaw stems from an overly permissive device policy that SharkNinja never scoped to individual devices, and it remains unpatched.
Talos reports July’s Patch Tuesday delivered 622 fixes, including 62 critical and two exploited zero‑days, the biggest monthly batch ever. AI‑driven vulnerability hunting is accelerating disclosures, forcing enterprises to scramble with change‑management pipelines and risk missing critical updates.
Researchers expose a new class of indirect prompt injection, Agent Data Injection (ADI), that disguises malicious payloads as trusted metadata. ADI lets attackers trigger arbitrary clicks in web‑agents and remote code execution in coding agents, bypassing existing defenses that only separate instructions from data.
Symantec uncovered Spirals, a Rust‑based ransomware that compromised an IT services firm in South Asia and finished data theft and encryption in under 24 hours. The group leveraged an exposed IIS server, deployed web shells, disabled security tools, and used bitsadmin.exe to encrypt files, threatening public data release.
A Russian‑speaking actor jailbroke Google Gemini’s CLI and used it as an autonomous operator to spin up a new command‑and‑control server in six minutes, reviving a credential‑stealing botnet that targets pro‑Trump conspiracy sites. The AI handled VPS provisioning, Cloudflare tunnelling and payload deployment, showing how large language models can become rapid force multipliers for low‑skill threat actors.
Sandworm has repurposed fake CAPTCHA prompts on compromised Ukrainian sites to force users to paste a PowerShell command, installing the GhettoVibe loader. The trick turns a routine verification step into a malware drop, giving the APT deeper footholds and new reconnaissance tools across the target ecosystem.
Researchers spotted more than a million phishing messages that hide malicious payloads in invisible characters, a technique called text‑salting. The trick fools AI‑driven security scanners, letting the emails land in inboxes and exposing enterprises to credential theft.
After a four‑year lull, Symantec found the China‑linked Daxin kernel‑mode rootkit active on a Taiwan manufacturing subsidiary in May 2026. The same host also harbored a never‑seen backdoor, Stupig, which injects a DLL into winlogon to run SYSTEM commands from the login screen, giving attackers pre‑auth code execution.
A coalition of 42 state attorneys general secured an $18 million payout from 23andMe after a 2023 breach exposed the genetic data of 6.9 million customers. The deal forces the company to adopt robust safeguards, multifactor authentication, intrusion detection, and breach monitoring, to protect users going forward.
Praetorian’s Knossos profiles a client’s AWS configuration, including naming conventions, tag vocabularies, CIDR blocks, and IAM policies, and automatically builds full‑scale decoy accounts that mimic production. When attackers query the decoys, every API call is recorded, turning the honeypot into actionable intel instead of a simple canary. It lets teams deploy deception at scale without manual crafting.
Praetorian open‑sourced WasmForge, a toolchain that compiles C# offensive utilities like Rubeus and Seatbelt to WebAssembly using .NET NativeAOT‑WASI. The resulting binaries run outside the CLR, sidestepping AMSI, ETW and YARA signatures that flag traditional GhostPack tools, giving attackers a stealthier delivery method.
Subscribe free