First AI-Generated Zero-Day Exploit – 2FA Bypass in Open-Source Web Admin Tool

Scope: Open-Source Web-Based System Administration Tool (Vendor Unspecified)

Severity: High

Google's Threat Intelligence Group (GTIG) has disclosed the first confirmed instance of a threat actor using AI to discover and weaponize a zero-day vulnerability — a logic flaw in a popular open-source web administration tool that enabled two-factor authentication bypass for any attacker holding valid user credentials. The AI-generated Python exploit was identified by its hallmarks: educational docstrings, a hallucinated CVSS score, and textbook-structured code characteristic of LLM output; Google worked with the vendor to patch the flaw and disrupt the planned mass exploitation campaign before it launched. Organizations should apply all available patches for web-based administration tools immediately, isolate admin interfaces from the public internet, enforce strict access controls, and monitor for patterns of repeated failed 2FA attempts followed by successful logins as a potential indicator of compromise.
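The monitoring recommendation above (repeated failed 2FA attempts on an account followed by a successful login) as a small detection routine, added here as an illustration and not taken from the GTIG report or the affected tool. The log format, the field names, and the threshold of three failures within five minutes are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log (hypothetical format, not from any real tool).
SAMPLE_LOG = """\
2024-05-01T10:00:01Z user=alice src=203.0.113.5 event=password_ok
2024-05-01T10:00:03Z user=alice src=203.0.113.5 event=2fa_fail
2024-05-01T10:00:05Z user=alice src=203.0.113.5 event=2fa_fail
2024-05-01T10:00:08Z user=alice src=203.0.113.5 event=2fa_fail
2024-05-01T10:00:12Z user=alice src=203.0.113.5 event=login_ok
2024-05-01T10:05:00Z user=bob src=198.51.100.7 event=password_ok
2024-05-01T10:05:02Z user=bob src=198.51.100.7 event=2fa_fail
2024-05-01T10:05:30Z user=bob src=198.51.100.7 event=login_ok
"""

# Assumed line layout: ISO timestamp, then key=value fields.
LINE_RE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) event=(?P<event>\S+)$")


def parse(log_text):
    """Yield (timestamp, user, src, event) tuples; lines that do not match are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            yield ts, m["user"], m["src"], m["event"]


def find_2fa_bypass_candidates(log_text, min_failures=3, window=timedelta(minutes=5)):
    """Return (user, src, failure_count, login_time) for every successful login that was
    preceded, within `window`, by at least `min_failures` failed 2FA attempts on the
    same account. Threshold and window are assumed values; tune them to your own baseline."""
    recent_fails = defaultdict(list)  # user -> timestamps of recent 2fa_fail events
    alerts = []
    for ts, user, src, event in sorted(parse(log_text)):
        if event == "2fa_fail":
            recent_fails[user].append(ts)
        elif event == "login_ok":
            fails = [t for t in recent_fails[user] if ts - t <= window]
            if len(fails) >= min_failures:
                alerts.append((user, src, len(fails), ts))
            recent_fails[user].clear()  # a completed login ends the streak for this account
    return alerts


if __name__ == "__main__":
    for user, src, n, when in find_2fa_bypass_candidates(SAMPLE_LOG):
        print(f"ALERT {when.isoformat()} user={user} src={src} failed_2fa_before_success={n}")
```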

The Uganda National CERT and Coordination Center (CERT.UG/CC) encourages users and administrators to review the recommendations and apply the necessary updates.