ESET discovers AI-assisted ransomware using Ollama API

The attacker unaware of the research LLM honeypot, literally chatted with an LLM without realizing it. 🤖 Yes, it really happened. At Beelzebub we put online an SSH research honeypot powered by an LLM. A real threat actor logged in with weak credentials (admin/123456), ran reconnaissance, and tried to infect the system with malware used in DDoS attacks. Without knowing it, they were talking to an LLM that replied like a “real” shell. What the attacker did (highlights): - Fast recon: uname -a; uptime; nproc - Download & unpack: wget …/emech.tar.gz && tar xvf … - Attempted execution/persistence (fake sshd & binaries) - C2 over IRC (channels #rootbox / #c0d3rs-TeaM) → reported to the IRC provider Why an LLM in a honeypot? 🔸 You don’t have to supervise it, and it replicates a real environment. 🔸 It’s easy to manage and maintain since it’s a fully virtualized system like a low interaction honeypot. 👉🏻 Full article: https://lnkd.in/dBQvAPPu

Hadrian’s Orchestrator AI uncovered a Server-Side Request Forgery (SSRF) vulnerability in an endpoint acting as a proxy, fetching content from user-provided URLs. So what is SSRF, and why does it matter? This quick explainer breaks down how attackers exploit it and why it poses a serious risk to applications Watch it here: https://lnkd.in/eNBxatAa #SSRF #Cybersecurity

Hadrians AI orchestration enables rapid scanning across services, reducing time-to-discovery and enabling proactive remediation before SSRF exploitation. Check out our video !!

Sybil Resistance by Design In multi-agent systems, the biggest risk isn’t malware. It’s Sybil attacks - fake agents overwhelming trust. OAuth federation can’t stop them. L2 DID alone can’t stop them. AuthChain delivers Sybil resistance by design: 🔹 Decentralized DID for any agent/tool 🔹 Continuous auth & reputational scoring 🔹 Immutable logs for real-time assurance Without Sybil resistance, AI networks are ticking time bombs. #AgenticAI #AuthChain #AIsecurity

ESET uncovers PromptLock, the first AI-powered ransomware proof-of-concept using a local gpt-oss-20b model via Ollama API to automate malicious Lua scripts for encryption and data exfiltration. #AIThreats #RansomwareTech #Slovakia link: https://ift.tt/hdaLB3G

ESET researchers have uncovered what may be the first ransomware family to weaponize an open-weight large language model in real time, raising the stakes in the cat-and-mouse race between attackers and defenders. “The rise of AI-powered ransomware is not a reason to panic or rip out defenses. It is a reminder that the fundamentals of security still matter, though they now need AI-aware adjustments,” said Dirk Schrader, VP of Security Research at Netwrix. Read more: https://lnkd.in/gsV-yd7n

🚨 A new critical vulnerability in Wing FTP Server (CVE-2025-47812) is being actively exploited by attackers. This flaw allows remote code execution, giving hackers the ability to run malicious Lua scripts, create backdoor accounts, and steal data. 👉 The takeaway? Once attackers get execution rights, it’s already too late. Detect-and-respond strategies leave businesses scrambling after the damage begins. In our latest blog, we break down what happened, why this vulnerability is so dangerous, and why the security community needs to push harder toward isolation and containment strategies that stop attacks before they execute. 🔒 Staying informed is the first step. Protecting against these evolving threats requires rethinking the way we approach endpoint security. Read the full blog here 👇 https://buff.ly/0vrIQdL #cybersecurity #ransomware #endpointsecurity #dataprotection #zeroday #securityawareness #AppGuard #AppGuardistheAnswer #infosec #CHIPS

🚨 A new critical vulnerability in Wing FTP Server (CVE-2025-47812) is being actively exploited by attackers. This flaw allows remote code execution, giving hackers the ability to run malicious Lua scripts, create backdoor accounts, and steal data. 👉 The takeaway? Once attackers get execution rights, it’s already too late. Detect-and-respond strategies leave businesses scrambling after the damage begins. In our latest blog, we break down what happened, why this vulnerability is so dangerous, and why the security community needs to push harder toward isolation and containment strategies that stop attacks before they execute. 🔒 Staying informed is the first step. Protecting against these evolving threats requires rethinking the way we approach endpoint security. Read the full blog here 👇 https://buff.ly/0vrIQdL #cybersecurity #ransomware #endpointsecurity #dataprotection #zeroday #securityawareness #AppGuard #AppGuardistheAnswer #infosec #CHIPS

EvilAI as AI-enhanced Tools to Exfiltrate Sensitive Browser Data and Evade Detections A sophisticated malware campaign has emerged that leverages artificial intelligence to create deceptively legitimate applications, marking a significant evolution in cyberthreat tactics. The EvilAI malware family represents a new breed of threats that combines AI-generated code with traditional trojan techniques to infiltrate systems worldwide while maintaining an unprecedented level of stealth. Read more | https://lnkd.in/dCzDJC6y

The invisible threat is already inside your network. While you're watching for obvious attacks, sophisticated bots are quietly mapping your APIs through thousands of legitimate-looking IP addresses. No alarms. No obvious patterns. Just a matter of patient reconnaissance, which can take weeks to unfold. The scariest part? Some are beginning to adapt their tactics in real-time based on your defenses. A10's Neil Weitzel explains what this will mean for security teams and offers guidance on how to address the issue. https://bit.ly/4my1jUB