DJBSEC's CyberNews 2026-05-12

Today’s daily news covers the following categories: Threat Intelligence, Data Breach, Malware, Ransomware, Vulnerability, Policy & Legislation, Authentication


Sophos Explores ChatGPT’s Expanding Role in Cybersecurity

Threat Intelligence
Sophos has released new research examining how ChatGPT and generative AI are reshaping cybersecurity operations. The report highlights both the defensive advantages of AI-assisted threat detection and the growing risks of attacker misuse. Security teams are increasingly using AI to automate analysis, accelerate investigations, and improve response times. At the same time, threat actors are leveraging similar tools to scale phishing, malware creation, and reconnaissance. The findings reinforce the dual-use nature of AI in the evolving cyber landscape.

SailPoint Discloses GitHub Repository Breach

Data Breach
Identity security company SailPoint has disclosed a breach involving one of its GitHub repositories. The exposure may have included sensitive code or configuration information, though the full impact is still being investigated. Breaches involving development repositories are especially concerning because attackers can analyze code for vulnerabilities or secrets. SailPoint stated it is taking steps to secure affected assets and assess potential exposure. The incident highlights the ongoing risks surrounding source code and development environments.

Researchers Document First Known AI-Developed Zero-Day Exploit

Threat Intelligence
Researchers say attackers have used AI to develop what may be the first known fully AI-assisted zero-day exploit. The exploit reportedly leveraged generative AI models to identify and weaponize vulnerabilities with minimal human input. This development raises concerns about how AI could dramatically accelerate offensive cyber operations. Security experts warn that AI-driven exploit development could shorten the time between vulnerability discovery and active exploitation. Organizations are being urged to improve detection and response capabilities to keep pace with evolving threats.

fsnotify Supply Chain Concerns Impact Go Development Ecosystem

Malware
Security researchers are warning about supply chain risks involving the widely used Go library fsnotify. The concerns center around the potential abuse or compromise of trusted dependencies within development environments. Because fsnotify is integrated into many applications, a malicious update could have broad downstream impact. Supply chain attacks continue to target open-source ecosystems due to their scale and trust relationships. Developers are encouraged to audit dependencies and monitor package integrity closely.

EtherRAT and TukTuk C2 Linked to Gentleman Ransomware

Ransomware
A new investigation has linked the EtherRAT malware and TukTuk command-and-control infrastructure to the Gentleman ransomware operation. Researchers found that attackers used these tools to maintain access, move laterally, and deploy ransomware payloads. The campaign demonstrates how threat actors combine multiple frameworks to improve persistence and operational flexibility. Victims experienced widespread disruption and encrypted systems after compromise. Security teams are advised to monitor for indicators associated with EtherRAT and TukTuk activity.

Google Discovers AI-Created Weaponized Zero-Day Exploits

Threat Intelligence
Google researchers have identified weaponized zero-day exploits believed to have been developed with the assistance of AI tools. The discovery underscores how generative AI can accelerate vulnerability research and exploit creation. Experts warn that AI-assisted offensive capabilities could significantly reduce the technical barriers for attackers. This shift may lead to faster and more widespread exploitation campaigns. Organizations are being encouraged to adopt more proactive detection and patch management strategies.

Dirty Frag Linux Vulnerability Enables Root Access

Vulnerability
A nine-year-old Linux vulnerability known as “Dirty Frag” can allow attackers to gain root-level access on affected systems. Researchers say the flaw remained hidden for years due to its complexity and low visibility. Exploitation could allow privilege escalation and complete system compromise. Public disclosure of the vulnerability is expected to increase exploitation attempts. Administrators are urged to patch systems and review security controls immediately.

CrimeNetwork Marketplace Returns Before Second Takedown

Policy & Legislation
The CrimeNetwork cybercrime marketplace briefly returned online after an earlier law enforcement takedown before being dismantled again by German authorities. Investigators targeted the marketplace for facilitating cybercrime services, stolen data sales, and malware distribution. The rapid reappearance demonstrates the resilience of underground criminal ecosystems. Authorities continue working to disrupt operators and seize infrastructure tied to these marketplaces. Experts warn that similar platforms are likely to continue emerging despite enforcement efforts.

New Dirty Frag Exploit Targets Linux Kernel

Vulnerability
Researchers have developed a working exploit targeting the Linux kernel “Dirty Frag” vulnerability. The exploit enables attackers to escalate privileges and potentially gain root access on vulnerable systems. Security experts warn that public exploit availability significantly increases the risk of active attacks. Linux environments running unpatched kernels are especially vulnerable. Organizations should prioritize patch deployment and monitor systems for unusual privilege escalation activity.

Hackers Use Weaponized JPEG Files in Malware Campaigns

Malware
Threat actors are using weaponized JPEG image files to deliver malware and evade detection. The malicious payloads are hidden inside seemingly harmless image files, allowing attackers to bypass traditional filtering controls. Once opened or processed, the payload can execute and compromise systems. The technique demonstrates how attackers continue to abuse common file formats to avoid detection. Organizations should strengthen email and endpoint protections against file-based attacks.

macOS Malware Campaign Abuses Google Ads

Malware
Cybercriminals are using malicious Google Ads campaigns to distribute malware targeting macOS users. Victims searching for legitimate software are redirected to fake download pages containing malicious installers. The campaign reflects increasing attacker focus on macOS environments, which are often perceived as safer than other platforms. Once installed, the malware can steal credentials and sensitive information. Users are advised to download software only from trusted sources and verify URLs carefully.

Over 1,800 MCP Servers Exposed Without Authentication

Authentication
Researchers have discovered more than 1,800 Model Context Protocol (MCP) servers exposed online without authentication protections. These servers are tied to the growing AI agent ecosystem and may expose sensitive data or operational access. The findings highlight how rapidly deployed AI infrastructure is often missing basic security controls. Experts warn that exposed MCP systems could become attractive targets for attackers. Organizations are encouraged to adopt zero-trust principles and enforce strong authentication across AI environments.

Malware
The Vidar malware family is continuing to target browser credentials, session cookies, and sensitive user data. Attackers use the malware to harvest login information that can later be sold or used in follow-on attacks. Stolen session cookies are particularly valuable because they can bypass authentication protections in some cases. Vidar remains one of the most active information-stealing malware strains in circulation. Organizations should strengthen endpoint detection and encourage users to adopt secure authentication practices.
