If you enjoy our newsletter, please consider to be a paid subscriber to help us keep more news and updates coming out.
Q1 2026 Book Report is available and free to download.
Highlights
Google: AI generated Zero DayTanStack compromisedOpenAI, Mistral AI impactedCSA Confirmed exploitationWindows Zero day
Deep Dive
AI generates Zero Day Google
1st time identification by Google
AI-generated Zero day by threat actor
Associated to China and North Korea
AI-generated decoy logic malware
Associated to Russia
Mini Shai-Hulud: TanStack Aikido
Run during install, looks for secrets
steal credentials from machines and CI/CD
Github, AWS, Kubernetes, Vault
Environment variables and local file system
373 malicious version of 169 packages
OpenAI and Mistral AI impacted BleepingComputer
OpenAI employees’ devices
Mistral AI’s PyPi packages
OpenSearch JavaScript clients
Guardrails AI PyPI package
Crypto wallets and AI secrets
Confirmed exploitation CSA
By pass 2FA authentication
Exploitable of logic class
AI-assisted, mass scale
Web Administration tool
Restrict IPs, VPNs, inernet
Windows 11 & Server Zero day TomsHardware
YellowKey bypasses BitLocker encryption
USB stick to reboot Windows Recovery
GreenPlasma grants system-level access
Manipulate memory of any Windows Manager
Bypass regular access control
![[Available] Book Report Q1 2026](https://substackcdn.com/image/fetch/$s_!UrNn!,w_140,h_140,c_fill,f_webp,q_auto:good,fl_progressive:steep,g_auto/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fe822165f-0454-4166-8b0b-75582950bf85_1464x834.png)
![[Available] Book Report Q3, 2025](https://substackcdn.com/image/fetch/$s_!HI5v!,w_140,h_140,c_fill,f_webp,q_auto:good,fl_progressive:steep,g_auto/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F62b0655a-9a73-4382-8201-d9007269e7ad_900x900.jpeg)
