WordPress zero-day, NadMesh botnet hijacks AI cloud creds
An unauthenticated remote code execution flaw, wp2shell, affects clean WordPress 6.9.x and 7.0.x installs, letting attackers run code via a REST batch endpoint. WordPress patched it in 6.9.5 and 7.0.2 and enabled forced auto‑updates, so sites must upgrade immediately or apply temporary WAF blocks.
Researchers discovered HollowByte, a DoS flaw where an unauthenticated attacker sends an 11-byte TLS packet with a forged length header, causing OpenSSL to allocate massive buffers and fragment the heap. The memory bloat persists until the process restarts, so updating to the silently released patch is critical for any service using OpenSSL.
Researchers reveal a new class of attacks, Agent Data Injection (ADI), that corrupt trusted data feeding AI agents. By inserting forged metadata, they trick agents into clicking malicious “Buy Now” buttons or executing arbitrary code in coding assistants, bypassing existing prompt‑injection defenses. The work highlights a critical gap: agents do not isolate trusted from untrusted data.
Unit 42 and Siemens identified a chain of three zero‑day flaws (CVE‑2025‑40948/40947/40949) in ROX II OT switches that let an attacker read any file, inject commands as root, and install a persistent cron back‑door. Exploitation gives full control over critical industrial networks, prompting Siemens to push an emergency firmware update (V2.17.1).
Talos reports UAT‑11795, a Russian‑speaking financially motivated group active since June 2025, delivering a novel Python‑based Starland RAT and a PowerShell WLDR memory implant that encrypts beacons and runs payloads. They distribute trojanized installers across developer tools, video‑conferencing and gaming apps, targeting credentials and crypto wallets in the US and Europe.
Researchers uncovered NadMesh, a Go‑based botnet that automatically scans for exposed AI front‑ends (ComfyUI, Ollama, Gradio, etc.) and cloud orchestration services. It exploits more than 20 remote‑code‑execution flaws to steal AWS keys, over 3,800 unique credentials reported, and Kubernetes tokens, showing how AI stacks are becoming high‑value targets.
Checkmarx identified seven malicious Vite npm packages that hide a remote‑access trojan. The malware fetches its payload from Tron, Aptos and Binance Smart Chain, making takedown nearly impossible. Developers using Vite should audit dependencies and avoid scoped typosquats that masquerade as @vitejs libraries.
The campaign, tied to DPRK’s Contagious Interview operation, hides base‑64 fragments inside SVG flag images that look normal. When a victim runs a trojanized repository from a fake coding test, the fragments reassemble into a four‑stage OtterCookie loader stealing browser credentials, crypto wallets, files, and providing a RAT. Developers chasing job offers are now a high‑value target.
In April 2026, a sub‑group of the Chinese APT GoldenEyeDog, dubbed CylindricalCanine, hijacked a support analyst’s workstation at DigiCert. The actors exfiltrated code‑signing certificates meant for DigiCert customers and reused them to sign malware, bypassing detection. The breach highlights the supply‑chain risk of compromised certificate authorities.
The European Commission, invoking the Digital Markets Act, ordered Google to let rival AI assistants access Android’s mic, camera, screen, wake‑word activation and background app control by the next Android release (Android 18) and no later than Aug 1 2027. It opens the AI market for the bloc’s 60 % mobile base and requires Google to share anonymised search data.
Subscribe free