← Back to Security Blog
Security Briefing 8 min read

Dell Zero-Day Exploited 18 Months + AI Assistants as C2 Proxies

Chinese APT exploited a Dell zero-day for 18+ months undetected. Check Point demonstrates Microsoft Copilot and Grok as malware C2 proxies. Keenadu firmware backdoor discovered in Android tablets. Password managers have 25 attack variants undermining zero-knowledge promises.


Critical: Dell Zero-Day — 18 Months Undetected

Chinese State-Sponsored Attack Since Mid-2024

Chinese state-backed hackers have been exploiting a critical Dell vulnerability since mid-2024 — over 18 months before detection. Zero-day attacks started before any patch was available.

This prolonged dwell time highlights the sophistication of nation-state actors and the need for robust detection beyond just patching.


AI Assistants Weaponized as C2 Proxies

Microsoft Copilot and Grok Demonstrated as Malware Infrastructure

Check Point researchers have demonstrated that AI assistants can serve as command-and-control proxies for malware operations.

AI Platform Abuse Vector
Microsoft Copilot Web browsing + URL fetching enables reconnaissance
xAI Grok Same capabilities exploited for dynamic attack decisions

The technique enables:

Organizations using enterprise AI tools should monitor for anomalous request patterns.


Keenadu: Android Firmware Backdoor

Devices Compromised During Manufacturing

Kaspersky discovered sophisticated Android malware embedded in device firmware — compromised during the build phase, not after.

Key findings:

This represents a supply chain compromise at the hardware level — extremely difficult to detect or remediate.


Password Managers: 25 Attack Variants

ETH Zurich Research Questions Zero-Knowledge Claims

Researchers identified 25 attack variants against cloud password managers including Bitwarden, LastPass, and Dashlane.

Attack severity ranges from integrity violations to complete vault compromise. The research assumes a malicious server scenario, questioning whether "zero-knowledge encryption" truly protects users if the server is compromised.

Affected Products


Microsoft Patch Tuesday Reminder

Yesterday's 6 zero-days remain critical. If you haven't patched yet:

CVE Impact
CVE-2026-21510 Windows Shell bypass — single click executes attacker code
CVE-2026-21513 MSHTML browser bypass
CVE-2026-21514 Microsoft Word security bypass
CVE-2026-21533 RDP privilege escalation to SYSTEM
CVE-2026-21519 Desktop Window Manager escalation
CVE-2026-21525 VPN disruption via RASMAN DoS

VSCode Extensions: 128M+ Downloads Affected

Critical-to-high severity flaws discovered in popular VSCode extensions with 128 million+ total downloads:


Malware Updates

Lumma Stealer — Google Groups Abuse

ClickFix DNS Evolution

ClickFix attacks now use DNS queries (nslookup) to retrieve PowerShell payloads — first known use of DNS as a payload delivery channel. Delivers "ModeloRAT" malware.


Breaches & Ransomware

Target Impact Actor
Eurail B.V. Traveler data on dark web Unknown
Canada Goose 600K customer records ShinyHunters
LVMH brands $25M fine (South Korea) Scattered LAPSUS$
Washington Hotel (Japan) Business data exposed Ransomware

Positive news: A 47-year-old Phobos ransomware suspect was arrested in Poland with devices containing stolen credentials and credit card data.


CISA Still at 38% Capacity

The DHS shutdown continues — CISA operating with 888 of 2,341 staff. Federal cybersecurity response capability remains degraded. Organizations should increase internal monitoring.


Today's Numbers

Metric Value
Dell zero-day dwell time 18+ months
Password manager attack variants 25
VSCode extension downloads affected 128M+
Malicious Google Groups 4,000+
Active Microsoft zero-days 6
CISA capacity 38%

Today's Priorities

  1. PATCH: Microsoft 6 zero-days + Chrome 145 + BeyondTrust + Ivanti
  2. AUDIT: VSCode extensions — remove unknown/unnecessary ones
  3. MONITOR: Enterprise AI tool usage for anomalous patterns
  4. REVIEW: Supply chain security — firmware integrity
  5. ASSESS: Password manager risk based on ETH Zurich findings

Protect Your Organization with KENSAI

AI-powered vulnerability management with 333,000+ CVEs indexed.

Start Free Scan

Stay secure. Stay vigilant.

🗡️ KENSAI Security Team

🛡️ Is your website secure?

Discover vulnerabilities before attackers do.

Scan your website for free →

📚 Related Articles