Google’s threat researchers caught the first zero-day exploit they believe was built with AI assistance. The technique attackers used to get the AI to help is the part worth understanding.
On April 23, 2026, CISA and the UK NCSC published a malware analysis report on FIRESTARTER, a custom backdoor that survives patching, reboots, and firmware upgrades on Cisco Firepower and Secure Firewall devices. The federal directive itself states that Sigma rules are not effective against it. That admission has implications well beyond the federal civilian executive branch.
The threat group tracked as APT28 (Forest Blizzard/Fancy Bear) compromised 18,000 SOHO routers across 120+ countries by exploiting known vulnerabilities and default SNMP credentials. They modified DNS settings to redirect traffic through attacker-controlled servers, enabling adversary-in-the-middle attacks that harvested Microsoft OAuth tokens, passwords, and emails from 200+ organizations. The FBI’s Operation Masquerade sent court-authorized commands to reset compromised routers on U.S. soil.
Attackers compromised CPUID’s official website and swapped download links for CPU-Z and HWMonitor with trojanized packages delivering STX RAT. The attack targeted the exact tools IT professionals carry on USB drives and run on production servers, turning implicit trust in a 20-year-old download source into a direct path to privileged credentials.
Intel Hub is a real-time intelligence aggregation platform that pulls cybersecurity, geopolitical, OSINT, dark web, social media, and Telegram chat-feed data into a single dashboard. It runs across 7 channels and 170+ feeds, with severity classification, 4-tier source credibility scoring, political bias tagging, and a webhook ingest API. No API keys are required to get started.
A practitioner breakdown of the IBM X-Force Threat Intelligence Index 2026. Vulnerability exploitation overtakes phishing as the top attack vector, supply chain compromises quadruple, and AI accelerates attacker operations while defenders struggle with the basics.
The FBI’s February 19, 2026 FLASH advisory (FLASH-20260219-001) documented something that should prompt a serious conversation in every bank, credit union, and fintech security team: over 700 ATM jackpotting incidents occurred in the United States in 2025 alone, resulting in more than $20 million in direct losses. Since 2020, roughly 1,900 incidents have been logged. The Department of Justice puts the total losses attributed to jackpotting since 2021 at approximately $40.7 million.
Security research reveals OpenClaw (formerly Clawdbot) has fundamental architectural flaws that make it function like malware. With 100,000+ users, exposed instances leaking credentials, and infostealers already targeting it, this viral AI agent proves we need AI governance now.