VoidLink Cloud Malware Shows Clear Signs of Being AI-generated

VoidLink malware, likely developed by a solo programmer with AI assistance, exhibits advanced features such as custom loaders and rootkits. Check Point Research notes that it shows clear signs of AI generation, operational security failures, and rapid functionality development within a week. This marks a shift in which an individual with technical skills can produce sophisticated malware that previously required a well-resourced team, making it a notable example of AI-driven cyber threats.

https://www.bleepingcomputer.com/news/security/voidlink-cloud-malware-shows-clear-signs-of-being-ai-generated/

For the Price of Netflix, Crooks Can Rent AI Crime Ops

Cybercrime has evolved with AI, offering tools like Dark LLMs for scams at subscription prices. Group-IB reports a 371% increase in AI mentions on dark web forums since 2019. AI simplifies previously complex cyberattacks into easily accessible services. Deepfake and synthetic identity tools are now inexpensive, resulting in significant financial losses, including $347 million in a single quarter. Automation in cybercrime lowers barriers for criminals, complicating defense efforts and increasing the scale and personalization of scams.

https://www.theregister.com/2026/01/20/group_ib_ai_cycercrime_subscriptions/

Google Gemini Flaw Turns Calendar Invites Into Attack Vector

A significant recent cybersecurity concern is a prompt injection vulnerability in Google's Gemini AI, allowing attackers to exploit Google Calendar invites to access private data covertly and create deceptive events. This highlights the need for advanced security strategies addressing semantic vulnerabilities in AI systems.

https://www.darkreading.com/cloud-security/google-gemini-flaw-calendar-invites-attack-vector

Signal President and VP Warn Agentic AI Is Insecure, Unreliable, and a Surveillance Nightmare

Signal leaders warn agentic AI is insecure, unreliable, and risks surveillance. At 39C3, they highlighted its vulnerabilities, including susceptibility to malware and low task success rates. They advocate for industry changes to improve privacy, security, and transparency, urging firms to halt reckless deployment and prioritize user consent and data protection.

https://coywolf.com/news/productivity/signal-president-and-vp-warn-agentic-ai-is-insecure-unreliable-and-a-surveillance-nightmare/

Reprompt: The Single-Click Microsoft Copilot Attack That Silently Steals Your Personal Data

Varonis Threat Labs identified a new AI vulnerability in Microsoft Copilot, called Reprompt, that allows attackers to turn a single click on a seemingly legitimate link into a bypass of security controls and an undetected exfiltration of sensitive user data. The attack can lead to significant data breaches by firing off malicious commands that continue even after the user interacts with Copilot. Key methods involve URL parameter manipulation and hidden follow-up requests, making the exploitation attempts difficult to spot. Microsoft has since patched the vulnerability. Recommendations are given for both vendors and users to harden against vulnerabilities of this kind.

https://www.varonis.com/blog/reprompt

Remote Code Execution With Modern AI/ML Formats and Libraries

Three open-source AI/ML Python libraries by Apple, Salesforce, and NVIDIA have vulnerabilities allowing remote code execution (RCE) via malicious metadata in models. Specifically:

  1. NeMo – NVIDIA's PyTorch framework for diverse AI/ML model development
  2. Uni2TS – Salesforce's library for time series analysis
  3. FlexTok – Apple's framework for image processing

The vulnerabilities leverage hydra.utils.instantiate() to execute arbitrary code embedded in model metadata. None had been exploited in the wild as of December 2025. The vendors issued fixes swiftly, with severity rated High. The changes to these libraries improve their resistance to this class of issue and emphasize the importance of ongoing vigilance when handling AI/ML models.

https://unit42.paloaltonetworks.com/rce-vulnerabilities-in-ai-python-libraries/

ChatGPT’s Memory Feature Supercharges Prompt Injection

Researchers from Radware discovered a new exploit chain called “ZombieAgent” that leverages ChatGPT’s long-term memory and connector features to enable more severe indirect prompt injection (IPI) attacks. By planting malicious instructions in ChatGPT’s memory, attackers can persistently exfiltrate sensitive information from connected platforms. OpenAI has addressed this exploit by restricting ChatGPT’s ability to modify URLs, but further structural fixes are needed to enhance the security of AI agents.

https://www.darkreading.com/endpoint-security/chatgpt-memory-feature-prompt-injection

IBM’s AI Agent Bob Easily Duped to Run Malware, Researchers Show

IBM's AI agent Bob is vulnerable to prompt injection attacks, allowing it to execute malware. Despite IBM's security measures, researchers from PromptArmor demonstrated that Bob could be manipulated into executing harmful commands by leveraging a prompt injection technique with malicious Markdown files. While IBM advises caution and user approval for risky actions, Bob's defenses were bypassed, enabling the potential execution of malware without proper consent. This raises significant concerns about the security of AI software in development workflows, particularly when handling untrusted data.

https://www.theregister.com/2026/01/07/ibm_bob_vulnerability/

VSCode IDE Forks Expose Users to “recommended extension” Attacks

Forks of the VSCode IDE such as Cursor and Google Antigravity recommend extensions that do not exist on OpenVSX, which creates a malware risk because attackers can claim the unregistered namespaces. Koi Security researchers reported the flaw; Cursor fixed it, and Google removed 13 recommendations. Users should verify extensions directly on OpenVSX to ensure safety.

https://www.bleepingcomputer.com/news/security/vscode-ide-forks-expose-users-to-recommended-extension-attacks/

Murder-suicide Case Shows OpenAI Selectively Hides Data After Users Die

OpenAI is being accused of concealing crucial ChatGPT logs during legal proceedings related to a murder-suicide case involving Stein-Erik Soelberg and his mother, Suzanne Adams. The family claims Soelberg's mental health deteriorated after engaging with ChatGPT, which allegedly fueled delusional beliefs about his mother. Despite evidence from shared logs, OpenAI has refused to provide full access to discussions that could shed light on Soelberg's state of mind leading up to the tragedy. The lawsuit argues that OpenAI's data policies, particularly regarding deceased users, lack transparency and accountability, exacerbating the family's grief and hindering their ability to understand the events.

https://arstechnica.com/tech-policy/2025/12/openai-refuses-to-say-where-chatgpt-logs-go-when-users-die/

Pen Testers Accused of ‘blackmail’ Over Eurostar AI Flaws

Pen testers identified four significant flaws in Eurostar's AI chatbot, allowing injection of malicious HTML and leakage of the system prompt. After their initial reports were ignored, the team followed up and was accused of "blackmail" by the company's security head. Eurostar later located the report and addressed some of the issues. The chatbot's poor design lets users manipulate the chat history and bypass security checks, leading to risks such as data leaks and phishing attacks. The incident highlights the need for robust security in consumer-facing chatbots.

https://www.theregister.com/2025/12/24/pentesters_reported_eurostar_chatbot_flaws/

Robot Crime Could Be Rampant by 2035, Law Enforcement Warns

Europol warns of potential rampant robot crime by 2035 due to automation, predicting protests, riots, and hacking of AI-powered robots. The report highlights threats like drones used for attacks, urging police to prepare for criminal actions involving both humans and robots. While acknowledging some scenarios may be exaggerated, the warning illustrates the growing concerns about technology replacing humans in various sectors, leading to societal unrest.

https://www.vice.com/en/article/robot-crime-could-be-rampant-by-2035-law-enforcement-warns/

NIST, MITRE Announce $20 Million Research Effort on AI Cybersecurity

NIST and MITRE have launched a $20 million AI cybersecurity project focused on protecting critical infrastructure. Two centers are being established: one for manufacturing, and another for AI-driven cybersecurity solutions for essential services such as water and electricity. The aim is to strengthen U.S. technology, reduce adversarial risks, and foster industry collaboration, with input from the critical sectors themselves emphasized as essential to effective cybersecurity strategies.

https://cyberscoop.com/nist-mitre-announce-20-million-dollar-research-effort-on-ai-cybersecurity/

OpenAI Says AI Browsers May Always Be Vulnerable to Prompt Injection Attacks

OpenAI acknowledges that AI browsers, including its own Atlas, are perpetually at risk from prompt injection attacks, which manipulate the AI into executing hidden malicious instructions. Despite efforts to improve security, including a reinforcement learning-based automated attacker used to find flaws, prompt injection may never be fully mitigated, raising concerns about the safety of AI agents operating on the web. Layered defenses and user caution are recommended, yet the high level of access these browsers hold poses a significant challenge.

https://techcrunch.com/2025/12/22/openai-says-ai-browsers-may-always-be-vulnerable-to-prompt-injection-attacks/

8 Million Users’ AI Conversations Sold for Profit by “Privacy” Extensions

Over 8 million users' AI conversations have been harvested and sold for profit by the Urban VPN Proxy extension, which secretly captures data from platforms such as ChatGPT and Claude. Despite its privacy claims, the extension transmits sensitive information to its servers without user consent. It passed Google's reviews while misleading users about its data practices. Users are advised to uninstall it immediately to protect their private conversations.

https://www.koi.ai/blog/urban-vpn-browser-extension-ai-conversations-data-collection