OpenAI launches Codex Security, an AI agent that scanned 1.2M commits and flagged 10,561 high-severity 취약점. Iran's MuddyWater embeds in US banks and airports with a new Dindoor 백도어. Termite 랜섬웨어 deploys CastleRAT via ClickFix 소셜 엔지니어링. Microsoft warns hackers are abusing AI at every stage of the attack lifecycle. Here's everything you need to know today.
OpenAI has launched Codex Security, an AI-powered security agent that autonomously reviews code commits for 취약점. In its first week of general availability, it scanned 1.2 million commits and identified 10,561 high-severity 취약점 — including SQL 인젝션, authentication bypasses, and hardcoded secrets.
| Milestone | 날짜 | Details |
|---|---|---|
| Aardvark private beta | October 2025 | Internal testing with select enterprise partners |
| Codex Security launch | March 2026 | General availability for ChatGPT Pro/Enterprise/Business users |
| First week results | March 8, 2026 | 1.2M commits scanned, 10,561 high-severity findings |
Codex Security represents a significant shift in application security — moving from periodic scanning to continuous AI-powered code review. The 10,561 high-severity findings in just one week suggest many 취약점 slip through traditional SAST/DAST tooling. Available to ChatGPT Pro, Enterprise, and Business subscribers at no additional cost.
The Velvet Tempest 위협 행위자 group is deploying Termite 랜섬웨어 using a ClickFix 소셜 엔지니어링 technique combined with legitimate Windows utilities to deliver DonutLoader 악성코드 and the CastleRAT 백도어.
Block ClickFix-style attacks by training users to never execute commands from pop-up error messages. Implement application whitelisting to prevent unauthorized use of mshta.exe and certutil. 모니터링 for DonutLoader indicators and unusual PowerShell execution patterns.
Microsoft's latest threat intelligence report confirms that 위협 행위자s are increasingly using AI across all stages of the attack lifecycle — from reconnaissance and 소셜 엔지니어링 to 악성코드 development and evasion.
| Attack Stage | AI Application | 영향 |
|---|---|---|
| Reconnaissance | AI-powered OSINT gathering, target profiling | Faster, more thorough target analysis |
| 소셜 엔지니어링 | Deepfake voice/video, AI-written 피싱 | 높음er success rates, multilingual campaigns |
| Malware Development | AI-generated code, polymorphic 악성코드 | Faster development cycles, evasion of signatures |
| Credential Attacks | AI-optimized password spraying, CAPTCHA solving | 높음er throughput, bypass of protections |
| Evasion | AI-modified 페이로드s to bypass EDR/AV | 낮음er detection rates |
Microsoft emphasizes that AI is lowering the barrier to entry for cybercrime — less skilled actors can now execute sophisticated attacks. Organizations must adopt AI-powered defenses to keep pace with AI-powered offense. Traditional signature-based detection is increasingly inadequate.
MuddyWater (also tracked as Seedworm), affiliated with Iran's Ministry of Intelligence and Security (MOIS), is actively embedding in US company networks including banks, airports, and nonprofits using a new 백도어 called Dindoor.
| 날짜 | Event |
|---|---|
| February 2026 | Initial campaign activity detected targeting US organizations |
| Late February 2026 | Campaign intensifies following US/Israeli strikes on Iranian nuclear facilities |
| March 2026 | Dindoor 백도어 identified in multiple US financial and transportation networks |
The intensification of 이 캠페인은 directly correlates with escalating US-Iran tensions following military strikes. MuddyWater's targeting of banks and airports suggests both intelligence collection and potential pre-positioning for disruptive attacks. US CISA has issued an advisory urging 핵심 인프라 운영자 to hunt for Dindoor indicators.
CISA has ordered all federal agencies to patch three Apple iOS security flaws actively 익스플로잇ed by the Coruna 익스플로잇 kit in cyberespionage and cryptocurrency theft campaigns.
The Coruna 익스플로잇 kit chains these three 취약점 together for a zero-click 익스플로잇 capable of fully compromising iOS devices. It has been observed in two distinct campaigns:
Update all iOS devices to the latest version immediately. Federal agencies have a mandatory deadline to comply. 조직은 해야 합니다 verify all corporate-managed iOS devices are patched and monitor for 침해 지표(IoC) associated with the Coruna 익스플로잇 kit.
The FBI has confirmed it is investigating a breach of systems used for surveillance and wiretap warrant management — potentially exposing details of ongoing investigations and surveillance targets.
While details remain limited due to the sensitivity of the investigation, key concerns include:
This breach follows a pattern of attacks targeting law enforcement and intelligence community systems. The compromise of wiretap management systems is particularly sensitive — it could undermine active criminal and national security investigations and erode public trust in the government's ability to secure its most sensitive operations.
A new ClickFix variant called InstallFix is targeting developers by creating fake installation guides for popular CLI tools — including Claude Code by Anthropic — that trick users into running malicious commands.
curl | bash one-liner that fetches 악성코드Always install developer tools only from official sources. For Claude Code, use Anthropic's official documentation at docs.anthropic.com. Never run curl | bash commands from unofficial websites. Verify package checksums and use package managers (npm, pip) rather than raw shell scripts.
Transparent Tribe (APT36), a Pakistan-aligned APT group, is using AI coding tools to mass-produce 악성코드 in uncommon languages like Nim, Zig, and Crystal — creating what researchers are calling "Vibeware": vibe-coded 악성코드 produced at industrial scale.
| Aspect | Traditional Malware | Vibeware |
|---|---|---|
| Development time | Weeks to months | Hours to days |
| Languages | C/C++, Python, C# | Nim, Zig, Crystal, V, Odin |
| Signature evasion | Manual obfuscation | Inherent — uncommon language binaries evade most AV |
| Scale | Dozens of variants | Hundreds of unique binaries per day |
| Disposability | Reused across campaigns | Single-use, discarded after detection |
Vibeware represents a fundamental shift in the 악성코드 economy. Transparent Tribe's use of AI to industrialize malware production means defenders must move beyond signature-based detection toward behavioral analysis, memory forensics, and AI-powered threat detection. The concept of "known 악성코드" becomes less relevant when 공격자가 할 수 있습니다 generate unique variants on demand.
| Threat | Actor | Severity | Action Required |
|---|---|---|---|
| OpenAI Codex Security launch | N/A (Defensive) | 🟢 Info | Evaluate for CI/CD integration |
| Termite 랜섬웨어 + CastleRAT | Velvet Tempest | 🔴 치명적 | Block ClickFix, monitor DonutLoader IOCs |
| AI abuse across attack stages | Multiple | 🔴 치명적 | Deploy AI-powered defenses, update threat models |
| MuddyWater Dindoor 백도어 | Iran (MOIS) | 🔴 치명적 | Hunt for DoH anomalies, audit critical infrastructure |
| Coruna iOS 익스플로잇 kit | Unknown (espionage) | 🔴 치명적 | Patch all iOS devices immediately |
| FBI wiretap system breach | Unknown | 🔴 치명적 | Audit law enforcement system access controls |
| InstallFix fake install guides | Cybercriminals | 🟠 높음 | Verify all tool installations from official sources |
| Transparent Tribe Vibeware | Pakistan-aligned APT | 🟠 높음 | Deploy behavioral detection, move beyond signatures |
KENSAI's automated security scanning detects 취약점, misconfigurations, and 침해 지표(IoC) across your entire attack surface — before attackers 익스플로잇 them.
Start Free Security ScanStay vigilant. Stay protected.
🗡️ KENSAI Threat Intelligence Team