Tuesday 12 May 2026

The First AI-Written Zero-Day Just Got Caught in the Wild

Google caught the first confirmed AI-generated zero-day in the wild — and it was heading for a mass 2FA-bypass event before anyone got hurt.

Lead story

The First AI-Written Zero-Day Just Got Caught in the Wild

Google's Threat Intelligence Group has confirmed what security researchers have been dreading: a real, in-the-wild zero-day exploit that was almost certainly written by an AI system, not a human. The target was a popular open-source web administration tool, the exploit was designed to bypass two-factor authentication, and a prominent cybercrime group was gearing up to use it for mass exploitation before Google's researchers spotted and stopped it.

The tell? Artefacts baked into the Python exploit script that were inconsistent with how human developers write code but consistent with how large language models generate it. It's the first time Google — or anyone credible — has publicly confirmed AI-assisted exploit development detected in active attack infrastructure, rather than in a research lab proof-of-concept.

Why this is a milestone, not just another vuln story.

We've known for a while that attackers were experimenting with AI to speed up their workflows — drafting phishing lures, summarising vulnerability disclosures, accelerating reconnaissance. Using an LLM to actually generate a functional, novel zero-day exploit and deploy it operationally is a different category of threat. It compresses the time between "vulnerability exists" and "working exploit is in someone's hands."

Think of it this way: historically, turning a newly-discovered software flaw into a reliable, weaponised exploit takes skill, time, and iteration. That gap — sometimes weeks, sometimes months — is where defenders patch, detect, and respond. AI-assisted exploit development starts closing that window in a way that's qualitatively different from, say, buying an exploit on a darknet forum.

The 2FA angle is particularly pointed. The targeted web administration tool presumably has 2FA deployed as a security control. Bypassing that in a mass exploitation campaign would have given attackers authenticated access to potentially thousands of servers with no credential theft required. For organisations running this tool, MFA alone wouldn't have saved them.

What we don't yet know is which administration tool was targeted, which cybercrime group was behind it, and whether the exploit has circulated more widely since Google's disclosure. The lack of specifics is frustrating but not unusual — responsible disclosure timelines often mean details stay vague until patches are shipped.

The defender's takeaway is uncomfortable. If AI can generate viable zero-days, then the asymmetry between attackers and defenders gets worse. Attackers already have speed and surprise on their side. AI giving them an exploit-generation capability at scale means security teams need to lean harder into detection and response — because prevention alone, at this pace, isn't going to hold.

This is also a reminder that the AI-as-attack-tool story isn't theoretical anymore. It isn't red-team researchers demonstrating what could happen. It happened. Google caught it this time. The question is how many times it won't be caught.

For Australian organisations running open-source web admin infrastructure — cPanel, Webmin, and similar tools are widely deployed in Australian hosting environments — this is a prompt to audit your exposure, ensure you're on current versions, and check whether your monitoring would actually catch authenticated-but-anomalous post-login behaviour if a bypass like this succeeded.

Also today

Dirty Frag: Another Linux Kernel Privilege-Escalation Flaw, Possibly Already Exploited

A second major Linux kernel vulnerability in two weeks has been disclosed, this one dubbed 'Dirty Frag' and tracked as CVE-2026-43284 / CVE-2026-43500. Like last month's Copy Fail bug, it sits in the same kernel memory-management subsystem and lets any user with a basic local account escalate to full root. The vulnerability was disclosed publicly before a patch was available, and there are early signs it may already be under limited exploitation in the wild. Enterprise Linux distributions — including those used heavily in Australian cloud and government infrastructure — are the primary concern. Patch as soon as your distro ships a fix.

SecurityWeek

cPanel Zero-Day Under Active Exploitation to Drop Filemanager Backdoor

A critical authentication-bypass flaw in cPanel and WebHost Manager (CVE-2026-41940) is being actively exploited by a threat actor going by Mr_Rot13, who is using it to install a backdoor called Filemanager on compromised hosting environments. cPanel is one of the most widely deployed web hosting control panels in the world, making the blast radius potentially large. Any organisation running cPanel or WHM — including Australian shared hosting providers and resellers — should treat this as urgent. Check Point's weekly threat report also flags the flaw as a top concern for the week.

The Hacker News

Checkmarx Jenkins Plugin Compromised in Second TeamPCP Supply Chain Hit

The threat actor known as TeamPCP has struck again, this time tampering with the Checkmarx Jenkins AST plugin published to the Jenkins Marketplace. This follows a separate KICS supply chain attack by the same group in recent weeks. Checkmarx confirmed the incident and has told users to roll back to version 2.0.13-829.vc72453fa_1c16 or earlier, which was published in December 2025. The attack pattern — targeting developer tooling distributed via trusted marketplaces — is becoming a signature move for this group. Any team using the Checkmarx Jenkins integration should audit their build pipelines immediately.

SecurityWeek

TrickMo Banking Malware Goes Blockchain for Stealthy Command-and-Control

A new variant of the TrickMo Android banking trojan has adopted The Open Network (TON) blockchain as its command-and-control channel — a clever evasion move that makes traffic look like routine blockchain communication rather than obvious C2 traffic. The variant is currently targeting users across Europe and introduces new commands alongside the infrastructure change. Banking malware operators using decentralised networks for C2 is a growing trend; it's significantly harder to take down than traditional domain-based infrastructure. Australian banks and their customers should note that TrickMo variants have previously targeted Australian banking apps.

Bleeping Computer

Why Resetting Passwords Doesn't Actually Kick Attackers Out of Active Directory

A useful technical explainer from Specops Software laying out why password resets are often treated as a breach-containment step when they frequently aren't. The core problem: cached credentials and live Kerberos tickets can keep an attacker authenticated even after a password change. A Kerberos ticket granted before the reset remains valid for its full lifetime — typically ten hours — meaning a threat actor who's already inside an AD environment has a window to maintain access or pivot further. For incident responders, the implication is that password resets should be paired with active session termination and ticket invalidation to actually break the access chain.

Bleeping Computer
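One way to check for the condition described in the Active Directory item above, as an added example that is not code from Specops or Bleeping Computer: Python detection logic that flags service-ticket requests made after a password reset by a client whose ticket-granting ticket predates that reset. Event IDs 4768, 4769 and 4724 are the standard Windows Security log IDs; the simplified tuple layout, account names and addresses are constructed for illustration.

```python
from datetime import datetime, timedelta

TICKET_LIFETIME = timedelta(hours=10)  # the typical lifetime quoted above

# Constructed sample events (not real logs): (time, event_id, account, client_ip).
# 4768 = TGT requested, 4769 = service ticket requested, 4724 = password reset.
EVENTS = [
    ("2026-05-12T08:00:00", 4768, "svc-backup", "10.0.5.23"),
    ("2026-05-12T08:05:00", 4768, "jsmith", "10.0.7.40"),
    ("2026-05-12T09:30:00", 4724, "svc-backup", "-"),
    ("2026-05-12T09:45:00", 4769, "svc-backup", "10.0.5.23"),  # rides pre-reset TGT
    ("2026-05-12T10:00:00", 4768, "svc-backup", "10.0.9.11"),  # fresh logon, new password
    ("2026-05-12T10:10:00", 4769, "svc-backup", "10.0.9.11"),  # backed by post-reset TGT
    ("2026-05-12T10:20:00", 4769, "jsmith", "10.0.7.40"),      # account never reset
    ("2026-05-12T19:00:00", 4769, "svc-backup", "10.0.5.23"),  # past the 08:00 TGT's lifetime
]


def find_stale_ticket_use(events, lifetime=TICKET_LIFETIME):
    """Return service-ticket requests made after a password reset by a client
    whose most recent TGT for that account predates the reset and is unexpired."""
    last_tgt = {}    # (account, ip) -> time of latest TGT request
    last_reset = {}  # account -> time of latest password reset
    findings = []
    for ts, event_id, account, ip in sorted(events):
        when = datetime.fromisoformat(ts)
        if event_id == 4768:
            last_tgt[(account, ip)] = when
        elif event_id == 4724:
            last_reset[account] = when
        elif event_id == 4769:
            reset, tgt = last_reset.get(account), last_tgt.get((account, ip))
            if reset is None or tgt is None:
                continue  # no reset on record, or no TGT seen in this log window
            if tgt < reset and when <= tgt + lifetime:
                findings.append({"account": account, "client": ip, "used_at": ts,
                                 "valid_until": (tgt + lifetime).isoformat()})
    return findings


if __name__ == "__main__":
    for finding in find_stale_ticket_use(EVENTS):
        print(finding)
```

Each finding names the client still holding a pre-reset ticket and the time until which that ticket stays usable, which is the session a responder needs to terminate rather than wait out.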

UK Water Utility Paid the Price for Letting Hackers Linger for Two Years

South Staffordshire Water has been fined £963,900 by the UK's Information Commissioner's Office after the Cl0p ransomware group spent nearly two years lurking undetected in its network before eventually publishing the personal data of over 633,000 customers and staff in August 2022. The ICO's finding emphasises that the dwell time — not just the breach itself — constituted a systemic failure of detection and response. For Australian critical infrastructure operators, the case is a pointed reminder of why the SOCI Act's mandatory security obligation framework includes network monitoring and anomaly detection requirements, not just perimeter controls.

The Record

Cloudflare Beats Earnings, Axes 1,100 Jobs, and Watches Its Share Price Fall Anyway

Cloudflare turned in a stronger-than-expected Q1 2026, beating both revenue and earnings forecasts, then immediately announced it was cutting roughly 12 per cent of its workforce in what it described as an AI-driven restructuring. The market's response was to send the stock down more than 20 per cent. The apparent paradox isn't actually surprising: investors are reading the layoffs as a signal that AI is substituting for headcount faster than anticipated, raising questions about sustainable growth rather than celebrating the efficiency gain. It's a dynamic playing out across the tech sector — good results plus workforce cuts no longer reads as unambiguously positive.

SecurityWeek

Apple Ships Encrypted RCS Messaging Between iPhone and Android

iOS 26.5 and the accompanying macOS and iPadOS updates shipped on Monday, with the headline feature being end-to-end encrypted RCS messaging between Apple and Android devices — a first. Previously, cross-platform RCS lacked encryption, meaning carriers could read those messages. The new standard requires carrier support, and the feature is currently in beta, but it marks a meaningful step toward closing the security gap that has long existed in the grey zone between iMessage and green-bubble SMS. Australian carriers' timelines for supporting the encrypted RCS standard haven't been confirmed, but the feature will work wherever compatible carrier infrastructure is in place.

The Verge

OpenAI Launches DeployCo to Push Frontier AI Into Enterprise Production

OpenAI has unveiled DeployCo, a new enterprise deployment subsidiary designed to help large organisations move beyond AI experimentation and into genuine production use. The pitch is that most companies have tried AI tools but struggled to turn pilots into measurable operational impact — and that OpenAI wants to be the integrator, not just the model provider. It's a significant strategic shift: OpenAI is now competing directly with systems integrators and consulting firms, not just other AI labs. For Australian enterprises currently relying on local and global SI partners to deploy OpenAI-based solutions, this is worth watching as the channel dynamics shift.

OpenAI Blog

NSW Policing IT Disaster Comes Back for Another $500 Million

NSW Police are seeking a further $500 million to continue their two-decade-long search for a functioning core policing system, after dumping Amazon and its partners from a key software contract. The saga has become one of Australia's most enduring public sector IT cautionary tales — a combination of sprawling requirements, vendor changes, and governance failures that has consumed vast sums without delivering a stable platform. The Mandarin's reporting highlights the contract reset as a fresh attempt to stabilise a project that has been in various states of crisis since the early 2000s. It's a live case study in why large-scale government IT procurement remains so difficult.

The Mandarin

LLMs Are Surprisingly Good at Hiding Secret Messages Inside Normal Text

Bruce Schneier flags new research showing that large language models are highly effective at steganography — concealing hidden messages inside innocent-looking text in ways that are extremely difficult to detect. Unlike image steganography, which has well-established detection techniques, text-in-text hiding via LLM is a largely unsolved detection problem. The practical implications range from covert exfiltration of data through monitored communication channels to nation-state actors using AI-generated documents as a covert messaging layer. It's the kind of capability that sounds academic until someone builds it into a tool — at which point DLP and content-inspection controls may need a rethink.

Schneier on Security
