Toggle light / dark theme

Get the latest international news and world events from around the world.

Log in for authorized contributors

TuxBot v3 Evolution Shows Signs of LLMAssisted IoT Botnet Development

Cybersecurity researchers have disclosed details of a previously unreported Internet-of-Things (IoT) botnet framework dubbed TuxBot v3 Evolution that shows signs of being developed with assistance from a large language model (LLM), albeit with not so successful results.

“While the AI complied with their request to generate botnet code, it included a safety disclaimer that the developer failed to remove before shipping,” Palo Alto Networks Unit 42 said. “Although the LLM clearly aided in constructing the botnet, several functions in the analyzed samples failed to work correctly.”

The cybersecurity company said a manual code review would have resolved these errors and that it’s possible more polished iterations of the malware exist out there in the wild.

Cursor Flaw Lets Malicious Cloned Repositories Trigger Windows Code Execution

Whatever that binary does, it does as you, with your source, your SSH keys and your cloud tokens. Cursor keeps re-running it for as long as the project stays open.

No prompt injection, no agent, no model in the loop, and no prior access to the machine: opening the folder is the entire exploit, and the result is arbitrary code execution as the logged-in user.

AI security firm Mindgard reported the flaw to Cursor on December 15, 2025 and published full technical details on Tuesday, seven months later. There is still no patch, and Cursor has published no advisory for the issue.

AsyncAPI npm packages infected with credential-stealing malware

Five malicious versions of AsyncAPI packages were published to the Node Package Manager (npm) in a supply-chain attack that delivered a remote access trojan with info-stealing capabilities.

The threat actor exploited a misconfigured GitHub Actions workflow and pushed trojanized packages in the @asyncapi namespace that had a cummulative weekly download count of more than 2.25 million.

Multiple security companies confirmed that on July 14, an attacker compromised two AsyncAPI GitHub repositories and injected malware into project files.

Zoom warns of critical account takeover vulnerability

Zoom is warning of a critical vulnerability in its desktop client and software development kit for Windows that could be exploited by an unauthenticated party to hijack accounts.

Discovered internally, the security issue is tracked as CVE-2026–53412 and received a severity score of 9.8 out of 10.

In an advisory this week, the messaging platform says that the flaw affects Zoom Workplace for Windows before version 7.0.0, the Windows VDI Client before versions 7.0.10, 6.6.15, and 6.5.18, and the Meeting SDK for Windows before version 7.0.0.

Google Gemini CLI abused as a hacking agent, malware botnet operator

A Russian-speaking threat actor known as “bandcampro” used Google’s open-source Gemini CLI AI tool as a hacking agent and to operate a small-scale botnet.

The AI agent responded to the attacker’s prompts, troubleshooting problems on the fly and even proposing operational improvements at least 59 times.

In more than 200 sessions between May 19 and April 21, the threat actor worked with the AI tool to deploy and operate an infrastructure that controlled eight systems in a dental clinic and to get access to the OpenDental database.

/* */