A newly disclosed Windows zero-day vulnerability named ‘MiniPlasma’ allows attackers to gain SYSTEM-level privileges on fully patched Windows 11 systems.
The vulnerability affects the Windows Cloud Files Mini Filter Driver (cldflt.sys), a core component used by cloud synchronization services such as Microsoft OneDrive.
Researchers released a public proof-of-concept (PoC) exploit, increasing the risk of real-world exploitation by threat actors and ransomware groups.
The flaw enables a normal user account to escalate privileges without requiring administrator access, making it highly dangerous in enterprise environments.
The exploit reportedly abuses:
Weak access validation
Registry interactions
Undocumented Windows APIs
Logic flaws in the cloud synchronization subsystem
How enterprise will address the risk
Researchers claim the same underlying weakness still exists and remains exploitable.The vulnerability is still present in fully patched systems running the latest May 2026 updates. The original proof-of-concept code published by Forshaw worked without modification.
The flaw allows attackers with physical access to bypass BitLocker protections and gain unrestricted shell access to encrypted volumes through the Windows Recovery Environment (WinRE).
The attack is triggered by placing specially crafted files inside a specific directory on a USB drive or directly in the EFI partition.
The flaw is disturbing as the vulnerable component exists exclusively within the WinRE image, not in standard Windows installations, and an identical component appears in normal installations but without the triggering functionality.
Microsoft has not publicly addressed the claim and neither dedicated emergency patch or confirmed whether MiniPlasma represents a new vulnerability class .
Google Threat Intelligence Group (GTIG) has tracked and found how attackers have models pose as security researchers or firmware experts to perform analyses on embedded systems and protocols. The zeroday exploit set to target popular open-source web administration tool, generated using AI. Observations revealed hackers are deploying agentic tools to partially automate research and exploit validation.
This shifts AI from a passive assistant to a system that independently executes parts of offensive workflows.
Theis report provide insights derived from Mandiant incident response engagements, Gemini and GTIG’s proactive research. The highlights aim at the threat environment where AI serves dual purpose. On one hand to disrupt advance cyber threats from hackers and other AI tools acting as high value agents for cyber attacks.
Here are key highlights of the threat research:
Vulnerability Discovery and Exploit Generation: For the first time, GTIG has identified a threat actor using a zero-day exploit that we believe was developed with AI. The criminal threat actor planned to use it in a mass exploitation event but our proactive counter discovery may have prevented its use.
AI-Augmented Development for Defense Evasion: AI-driven coding has accelerated the development of infrastructure suites and polymorphic malware by adversaries. These AI-enabled development cycles facilitate defense evasion by enabling the creation of obfuscation networks and the integration of AI-generated decoy logic in malware that google have linked to suspected Russia-nexus threat actors.
Autonomous Malware Operations: AI-enabled malware, such as PROMPTSPY, signal a shift toward autonomous attack orchestration, where models interpret system states to dynamically generate commands and manipulate victim environments. Analysis of this malware revealed previously unreported capabilities and use cases for its integration with AI.
AI-Augmented Research and IO: Adversaries continue to leverage AI as a high speed research assistant for attack lifecycle support, while shifting toward agentic workflows to operationalize autonomous attack frameworks.
Obfuscated LLM Access: Threat actors now pursue anonymized, premium tier access to models through professionalized middleware and automated registration pipelines to illicitly bypass usage limits. This infrastructure enables large scale misuse of services while subsidizing operations through trial abuse and programmatic account cycling.
Supply Chain Attacks: Adversaries like “TeamPCP” (aka UNC6780) have begun targeting AI environments and software dependencies as an initial access vector. These supply chain attacks result in multiple types of machine learning (ML)-focused risks outlined in the Secure AI Framework (SAIF) taxonomy, namely Insecure Integrated Component (IIC) and Rogue Actions (RA).
Hackers leveraging AI for vulnerability development and Zeroday exploitation
Cybercriminal groups are increasingly leveraging AI to support vulnerability discovery and exploit development.
Google Researchers observed threat actors planning large-scale exploitation campaigns using AI-assisted techniques.
A zero-day vulnerability was identified in a Python script capable of bypassing Two-Factor Authentication (2FA) in a popular open-source web administration tool. The exploit required valid user credentials but bypassed 2FA due to a hardcoded trust assumption within the application logic. Analysis suggests the vulnerability discovery and exploit development were likely assisted by an AI model due to:
Structured and highly “textbook” Python coding style
Excessive educational docstrings
Hallucinated CVSS scoring
LLM-like formatting patterns and helper classes
Unlike traditional vulnerabilities such as memory corruption or input validation flaws, this issue was a high-level semantic logic flaw difficult for conventional scanners to detect. Frontier AI models are becoming increasingly capable of:
Understanding developer intent
Identifying hardcoded security assumptions
Detecting hidden logic inconsistencies
Surfacing vulnerabilities missed by static analysis and fuzzing tools
The incident highlights the growing risk of AI-assisted zero-day discovery and exploitation by threat actors and as AI use datasets containing historical vulnerabilities to help models better reason about security flaws.
“For the first time, GTIG has identified a threat actor using a zero-day exploit that we believe was developed with AI,” GTIG researchers say.
What can be the consequences specifically at a time when new AI models unlike Anthropic’s Mythos, which were announced last month and appear to be good at finding such holes that Anthropic shared.
Rob Joyce, the former cybersecurity director of the National Security Agency, said that it can be difficult to know whether a human or machine wrote computer code, adding that, “A.I.-authored code does not announce itself.”
The Zeroday Defect
The report’s main findings involves a zero-day exploit that GTIG assessed was likely developed with AI assistance.
The vulnerability affected a popular open-source, web-based system administration tool and allowed two-factor authentication to be bypassed, although valid user credentials were still required.
The zero-day flaw was detected by the Google Threat Intelligence Group within the past few months and was exploited by “prominent cybercrime threat actors” in a script of the Python programming language.
Allow hackers to bypass two-factor authentication on “a popular open-source, web-based system administration tool,” though the hackers also would have needed access to valid credentials like user names and passwords to be successful, the company said.
Malware Evasion Techniques via AI
Hackers are also leveraging malware evasion techniques and sandbox evasions and other tricks to stay out of sight. As defenders increasingly rely on AI to accelerate and improve threat detection, a subtle but alarming new contest has emerged between attackers and defenders.
GTIG identified several malware families or tools with LLM-enabled obfuscation features, including PROMPTFLUX, HONESTCUE, CANFAIL, and LONGSTREAM.
Here is an example:
In June 2025, a malware sample was anonymously uploaded to VirusTotal from the Netherlands. At first glance, it looked incomplete. Some parts of the code weren’t fully functional, and it printed system information that would usually be exfiltrated to an external server.
The sample contained several sandbox evasion techniques and included an embedded TOR client, but otherwise resembled a test run, a specialized component or an early-stage experiment. What stood out, however, was a string embedded in the code that appeared to be written for an AI, not a human. It was crafted with the intention of influencing automated, AI-driven analysis, not to deceive a human looking at the code.
The malware includes a hardcoded C++ string, visible in the code snippet below:
In-memory prompt injection.
Hackers can leverage these emerging AI Evasion techniques to bypass AI-powered security systems by manipulating how Large Language Models (LLMs) interpret, analyze, and classify malicious content or activity.
How Attackers May Use AI Evasion Techniques
Prompt Injection Attacks Attackers craft malicious inputs that manipulate AI models into ignoring security rules, revealing sensitive information, or executing unintended actions.
Bypassing AI-Based Detection Threat actors can design malware, phishing emails, or malicious scripts in ways that appear legitimate to AI-powered detection systems.
Manipulating Context & Intent AI systems rely heavily on context and language interpretation. Attackers may exploit ambiguous wording, hidden instructions, or layered prompts to confuse AI defenses.
Generating Adaptive Malware AI-generated malware can dynamically modify behavior, code structure, or communication patterns to evade traditional and AI-driven security tools.
Automating Social Engineering AI can help create highly convincing phishing messages, fake identities, and impersonation attempts that are harder for AI-based defenses to detect.
Conclusion: AI is significantly strengthening cybersecurity defenses.
Security teams are leveraging AI for real-time threat detection, behavioral analytics, automated incident response, vulnerability management, and proactive risk assessment. While attackers currently benefit from AI-driven automation and exploitation capabilities, defenders are expected to gain a stronger long-term advantage as AI evolves into a core component of secure software development, proactive cyber defense, and intelligent security operations.
A zero-day bug caused a DoS attack that disrupted major mining pools.
Unpatched Litecoin Nodes Created the Vulnerability, allowed an invalid MWEB transaction allowing them to peg out coins to third party DEX’s
A sophisticated zero-day bug triggered a chain of events that included a Denial of Service (DoS) attack on Litcoin a major mining pools and a specialized exploit of the MimbleWimble Extension Blocks (MWEB).The zero-day specifically targeted MWEB, Litecoin’s privacy feature which are complex in nature and that creates attack surfaces. The specific vulnerability has been patched in version 0.21.5.4,
How is Litecoin different from Bitcoin?
Litecoin is a 2011 fork of Bitcoin with faster block times (2.5 minutes vs. 10 minutes), a larger supply cap (84 million vs. 21 million), and the Scrypt mining algorithm instead of SHA-256. The biggest functional difference today is MWEB, which gives Litecoin optional transaction privacy that Bitcoin does not offer at the base layer.
Attack Module
The attack had two components. First, the attackers used a DoS scheme to take mining nodes running the updated code offline. Then, unprotected nodes formed an alternative chain that included invalid MWEB transactions.
What caused the zero day vulnerability?
The bug or flaw led to a denial-of-service assault that temporarily interrupted operations at several prominent mining pools. The event, which occurred over the weekend, exposed a narrow window of risk but was contained efficiently through coordinated technical measures.
At the core of the disruption were mining nodes that had not yet applied the most recent security patches. Litcon said now the bug has now been fully patched, and the network continues to operate normally. A new core version was released subsequently, including important security updates.
The zero-day attack succeeded because many Litecoin nodes ran outdated software that improperly validated MWEB transactions. This created a two-tier network in which different participants operated under distinct consensus rules.
Bitcoin and Litecoin have no mandatory update mechanism so mostly Nodes can run old software indefinitely. Attackers seized this opportunity and the exact vulnerability exploited in the attack.
Litecoin developers have fixed the issue and the zeroday incident exposes how dependent decentralized networks are on coordinated node updates and careful operator behavior. The network was recovered, but it did not emerge unscathed.
Team Litcoin confirmed the bug on their official X account and stated a patch has been fully deployed, with node operators urged to update immediately. No user funds were lost, but the reorg reversed transactions across those 13 blocks, a depth that qualifies as a serious network event by any measure.
Conclusion:
As per security experts the incident exposed a vulnerability in the update mechanism in Proof-of-Work (PoW) networks and there is a level of risk in its privacy layers as threat actors took advantage by channeling funds through external platforms.
At the same time causing a Denial of Service attack (DoS) on large mining pools. The incident proved how important it is for nodes and miners to stay up to date and patch timely.
SonicWall has released a security update to fix a privilege escalation vulnerability in the SonicWall SMA1000 Appliance Management Console (AMC) that was tricked in zero-day attacks to escalate privileges.
Recent Comments