May 7, 2026 by sig9
Hacker Wars - May 07, 2026
Your daily dose of infosec chaos
Today’s theme is clear: AI is not just a tool defenders use. Attackers are wielding it to breach water utilities, researchers are finding critical vulns in AI developer tools, and enterprise gear keeps needing emergency patches. Buckle up.
Cisco Patches Critical Vulns Leading to Code Execution and SSRF
Cisco shipped fixes for high-severity flaws across its enterprise product lineup that could let attackers achieve code execution or server-side request forgery. If your org runs Cisco gear - and whose doesn’t - these patches need to jump to the top of your queue before exploitation attempts ramp up.
What to do: Inventory your Cisco deployments and apply the relevant patches immediately. Prioritize internet-facing appliances.
Claude AI Used to Guide Attack on Mexican Water Utility
Dragos revealed that threat actors used Claude AI to help navigate and target OT assets during an intrusion at a water and drainage utility in Mexico. The AI helped attackers understand industrial control systems they likely had no prior expertise with. Welcome to the era of AI-assisted critical infrastructure attacks.
What to do: Segment your OT networks aggressively. Treat AI chatbots as potential attack enablers when assessing threat models. Monitor for anomalous OT traffic patterns.
Gemini CLI Had a Prompt Injection Vuln That Could’ve Wiped Repos
A vulnerability in Google’s Gemini CLI could have allowed attackers to inject malicious prompts via GitHub issues, leading to arbitrary code execution and potential supply chain attacks. The AI agent designed to triage issues could instead be weaponized against the repos it was supposed to help manage.
What to do: Audit any AI agents integrated into your CI/CD pipelines. Implement strict prompt sanitization and sandboxing for AI-driven automation.
PyPI Packages Caught Dropping ZiChatBot Malware on Windows and Linux
Three malicious packages on PyPI were found delivering a previously unknown malware called ZiChatBot, using Zulip APIs for command-and-control on both Windows and Linux. The packages looked legitimate enough to fool developers into installing them, because of course they did.
What to do: Pin your dependencies and verify package integrity. Consider using a private package registry or at minimum run automated supply chain scanning in your pipelines.
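One way to check the pinning and integrity advice above before a build runs. This is an added example, not part of the original bulletin or any vendor's tooling: the package names and digests are constructed placeholders, and accepting only sha256 hashes is an assumption of this sketch.

```python
import re

# Constructed sample requirements file: package names and digests are placeholders.
DIGEST = "0" * 64
SAMPLE = f"""\
# constructed sample
alpha-lib==1.4.2 \\
    --hash=sha256:{DIGEST}
beta-lib>=2.0
gamma-lib==0.9.1
delta-lib==3.1.0 --hash=md5:{DIGEST[:32]}
-r other.txt
"""

# name, optional extras, exact "==" version (no wildcard), optional env marker
PIN = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*(\[[^\]]*\])?\s*==\s*[^*\s;]+\s*(;.*)?$")
# Assumption of this example: only sha256 digests count as an integrity check
SHA256 = re.compile(r"--hash=sha256:[0-9a-f]{64}\b")

def logical_lines(text):
    """Join backslash continuations; drop comments and blank lines."""
    buf = ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        full = re.sub(r"(^|\s)#.*$", "", buf + line).strip()
        buf = ""
        if full:
            yield full

def audit(text):
    """Return {requirement: [problems]} for unpinned or unhashed entries."""
    findings = {}
    for line in logical_lines(text):
        if line.startswith("-"):  # pip options such as -r, not requirements
            continue
        spec = line.split("--hash=")[0].strip()
        problems = []
        if not PIN.match(spec):
            problems.append("not pinned with ==")
        if not SHA256.search(line):
            problems.append("no sha256 hash")
        if problems:
            findings[spec] = problems
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Once a file passes this audit, pip's hash-checking mode (pip install --require-hashes -r requirements.txt) enforces the same rule at install time.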
That’s the chaos for today. Stay sharp out there.
Brought to you by sig9 - sig9.ch | Protecting the unseen, securing the unknown