Weekly Recap: AI Automation Exploits, Telecom Espionage, Prompt Poaching & More – CVE-2026-21858 (CVSS 10.0)

Key Takeaways:

  • Critical Vulnerability: n8n automation platform faces a 10.0 CVSS exploit (CVE-2026-21858) allowing unauthenticated remote code execution.
  • AI Platform Risks: ServiceNow AI Agents and Chrome extensions are being exploited for identity spoofing and “Prompt Poaching” of sensitive data.
  • Infrastructure Targeting: Telecom networks and mobile ADB services are under siege by sophisticated espionage groups and expanded botnets.
  • Action Required: Immediate patching of automation tools and auditing of browser extension policies is necessary to mitigate supply chain risks.

In early January 2026, the cybersecurity sector observed a significant concentration of threats targeting automated workflows, mobile infrastructure, and artificial intelligence interfaces. This weekly recap covers AI automation exploits, telecom espionage, prompt poaching, and more, with a focus on the critical security flaw identified as CVE-2026-21858 (CVSS 10.0). Organizations utilizing automated processing and AI-driven workflows face increased risks from unauthenticated remote code execution and identity impersonation. These developments necessitate a comprehensive approach to breach detection and the integration of a cyber threat intelligence platform to monitor assets effectively.

The current threat environment is characterized by the exploitation of misconfigured automation tools and the abuse of trusted system utilities. Threat actors have shifted focus toward the underlying infrastructure of AI and automation platforms, where a single vulnerability can provide access to high-value internal networks.

Critical Remote Code Execution in n8n (CVE-2026-21858)

A maximum-severity vulnerability, designated as CVE-2026-21858 and referred to as “Ni8mare,” was disclosed in the n8n workflow automation platform. This flaw carries a CVSS score of 10.0 and affects locally deployed instances running versions earlier than 1.121.0. The vulnerability allows unauthenticated remote code execution (RCE), potentially leading to complete system compromise.

The technical root of CVE-2026-21858 lies in the platform’s handling of incoming data within form-based workflows. Specifically, n8n fails to validate whether a request is processed as “multipart/form-data” before executing file-handling functions. Attackers can bypass standard security checks by sending a crafted request using a non-file content type while mimicking the internal structure expected for file uploads. This logic failure allows unauthorized access to arbitrary file paths on the host server and can be escalated to full code execution.
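The bug class described above, as an added illustration that is not n8n source code and not part of the original article: a handler that trusts any file structure on the parsed body, beside one that requires multipart/form-data and confines paths. The request shape, `parsedFiles`, and `UPLOAD_DIR` are hypothetical names.

```javascript
'use strict';
// Added illustration of the bug class; not n8n source code.
// Request shape, field names and UPLOAD_DIR are hypothetical.
const UPLOAD_DIR = '/tmp/uploads';

// Vulnerable pattern: any "files" structure on the parsed body is treated as
// upload-parser output, whatever Content-Type the request actually had.
function collectUploadsVulnerable(req) {
  const files = (req.body && req.body.files) || {};
  return Object.values(files).map((f) => f.filepath);
}

// True only for paths that stay inside the upload directory.
function insideUploadDir(p) {
  return typeof p === 'string' &&
    p.startsWith(UPLOAD_DIR + '/') &&
    !p.split('/').includes('..');
}

// Hardened pattern: require multipart/form-data, take descriptors only from
// the multipart parser's own output (req.parsedFiles), and confine paths.
function collectUploadsHardened(req) {
  const ctype = String((req.headers || {})['content-type'] || '')
    .split(';')[0].trim().toLowerCase();
  if (ctype !== 'multipart/form-data') {
    return { ok: false, reason: 'content type is not multipart/form-data', paths: [] };
  }
  const paths = Object.values(req.parsedFiles || {}).map((f) => f.filepath);
  if (!paths.every(insideUploadDir)) {
    return { ok: false, reason: 'file path outside upload directory', paths: [] };
  }
  return { ok: true, reason: '', paths };
}

// Constructed sample requests (not captured traffic).
const legitUpload = {
  headers: { 'content-type': 'multipart/form-data; boundary=x' },
  body: { files: { doc: { filepath: '/tmp/uploads/upload_1' } } },
  parsedFiles: { doc: { filepath: '/tmp/uploads/upload_1' } },
};
const spoofedUpload = {
  headers: { 'content-type': 'application/json' },
  body: { files: { doc: { filepath: '/constructed/path/outside/uploads' } } },
};

console.log(collectUploadsVulnerable(spoofedUpload));
console.log(collectUploadsHardened(spoofedUpload));
console.log(collectUploadsHardened(legitUpload));
```

The vulnerable function hands back the client-chosen path for the JSON request, while the hardened one rejects it before any file-handling code runs.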

As of January 11, 2026, approximately 59,500 internet-exposed hosts remain vulnerable to this exploit. Geographic distribution shows a heavy concentration in the United States (over 27,000 IPs) and Europe (over 21,200 IPs). For organizations relying on automated integrations, this exposure is a significant supply-chain risk that warrants monitoring, as the automation environment often holds credentials for various connected third-party services.

AI Identity Spoofing in ServiceNow (CVE-2025-12420)

Parallel to the automation risks, the ServiceNow AI Platform was found to contain a critical flaw, CVE-2025-12420, with a CVSS score of 9.3. This vulnerability enables unauthenticated identity spoofing. By bypassing authentication checks, an attacker can masquerade as a legitimate user, inheriting all permissions and privileges associated with that account.

While ServiceNow has deployed fixes to the majority of its hosted environments, self-hosted instances remain at risk. The vulnerability specifically affects “Now Assist AI Agents” (sn_aia) versions prior to 5.1.18 or 5.2.19, and the “Virtual Agent API” (sn_va_as_service) versions prior to 3.15.2 or 4.0.4. Failure to patch these components allows outsiders to access sensitive enterprise data by assuming the digital identity of privileged employees.

The Rise of Prompt Poaching via Malicious Extensions

A new technique termed “Prompt Poaching” has emerged, targeting users of generative AI tools. Two malicious Chrome extensions, “Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI” and “AI Sidebar with DeepSeek, ChatGPT, Claude, and more”, were identified exfiltrating user conversations to attacker-controlled servers.

These extensions, which recorded over 900,000 installations before being removed from the Chrome Web Store, captured not only AI prompts and responses but also broader browsing data. This exfiltration bypasses traditional data loss prevention measures by operating directly within the browser environment, highlighting the need for brand leak alerting to detect when sensitive corporate data is shared with unauthorized AI intermediaries.

Kimwolf Botnet: Exploiting Mobile and Proxy Infrastructure

The Kimwolf botnet, a variant of the Aisuru malware targeting Android devices, has expanded its footprint to over two million infected hosts. The growth is attributed to the exploitation of residential proxy networks that allow access to internal network addresses.

Starting in November 2025, attackers used these proxies to scan for unauthenticated Android Debug Bridge (ADB) services. Once an exposed ADB interface was located, payloads were delivered via netcat or telnet, allowing remote shell execution. This campaign demonstrates how residential proxy abuse can bridge the gap between external attackers and internal mobile devices, necessitating real-time ransomware intelligence to detect early-stage lateral movement.

Telecom Espionage: Campaign UAT-7290

In South Asia, a sophisticated threat actor tracked as UAT-7290 has been targeting telecommunications infrastructure since 2022. The group employs a methodical approach, conducting extensive technical reconnaissance before deploying custom Linux malware families, including RushDrop, DriveSwitch, and SilentRaid.

The targeting of telecommunications providers suggests a strategic interest in intercepting traffic and monitoring communications at the infrastructure level. This persistent activity requires advanced intelligence to track the development of bespoke tools used by state-aligned or highly specialized espionage groups.

Hospitality Sector Targeting: PHALT#BLYX

European hospitality organizations are currently facing a multi-stage malware campaign dubbed PHALT#BLYX. The attackers use social engineering tactics, such as fake CAPTCHA prompts and simulated Blue Screen of Death (BSoD) errors, to trick users into executing malicious code.

Recent iterations of this campaign have transitioned from HTML Application files to abusing MSBuild.exe, a trusted Microsoft utility. By using a “living-off-the-land” (LotL) approach to compile and execute malicious project files, the attackers can bypass standard endpoint security. The final payload is typically an obfuscated version of DCRat, allowing for full remote access.
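A detection sketch for the MSBuild abuse described above, added here as an example and not taken from the article or any vendor rule set. It runs over constructed process-creation events with Sysmon-style field names; the parent allowlist and the user-writable path markers are assumptions to tune per environment.

```javascript
'use strict';
// Added detection sketch; not from the article or any vendor rule set.
// Field names follow Sysmon process-creation events. The parent allowlist and
// the user-writable path markers are assumptions to tune per environment.
const EXPECTED_PARENTS = ['devenv.exe', 'dotnet.exe', 'msbuild.exe'];
const USER_WRITABLE = ['\\appdata\\', '\\temp\\', '\\downloads\\', '\\users\\public\\'];

// Lower-cased file name of a Windows path.
function baseName(p) {
  return String(p || '').split('\\').pop().toLowerCase();
}

// Returns the reasons an MSBuild launch looks unusual, or null for other images.
function reasonsFor(ev) {
  if (baseName(ev.Image) !== 'msbuild.exe') return null;
  const reasons = [];
  const parent = baseName(ev.ParentImage);
  if (!EXPECTED_PARENTS.includes(parent)) reasons.push('unexpected parent: ' + parent);
  const cmd = String(ev.CommandLine || '').toLowerCase();
  if (USER_WRITABLE.some((m) => cmd.includes(m))) {
    reasons.push('project file in user-writable directory');
  }
  return reasons;
}

// Keeps only MSBuild launches with at least one reason attached.
function detect(events) {
  return events
    .map((ev) => ({ host: ev.Computer, reasons: reasonsFor(ev) }))
    .filter((r) => r.reasons && r.reasons.length > 0);
}

// Constructed sample events (not real telemetry).
const MSBUILD = 'C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\MSBuild.exe';
const sampleEvents = [
  { Computer: 'BUILD-01', Image: MSBUILD,
    ParentImage: 'C:\\Program Files\\Microsoft Visual Studio\\devenv.exe',
    CommandLine: 'MSBuild.exe C:\\src\\app\\app.sln' },
  { Computer: 'FRONTDESK-01', Image: MSBUILD,
    ParentImage: 'C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe',
    CommandLine: 'MSBuild.exe C:\\Users\\frontdesk\\AppData\\Local\\Temp\\v.proj' },
  { Computer: 'FRONTDESK-01', Image: 'C:\\Windows\\System32\\notepad.exe',
    ParentImage: 'C:\\Windows\\explorer.exe', CommandLine: 'notepad.exe' },
];

console.log(detect(sampleEvents));
```

On workstations outside engineering teams, any MSBuild.exe launch is rare enough that the allowlist can often be left empty.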

BreachForums Database Leak

The database for BreachForums, a prominent destination for traded stolen data, was leaked by an actor known as “James” (associated with the ShinyHunters group). The leak includes metadata for 323,986 users and originated from a breach in August 2025.

Analysis of the data indicates that a significant number of users are based in the U.S., Germany, the UK, and various regions across the Middle East and North Africa. Utilizing a dark web monitoring service is critical for organizations to determine if their internal credentials or employee emails are present in such leaks.

Critical Vulnerabilities in Libraries and Utilities

Technical teams must also account for vulnerabilities in foundational software libraries:

  • zlib (CVE-2026-22184, CVSS 9.3): A global buffer overflow was discovered in the untgz utility due to an unbounded strcpy() call.
  • Kiro GitLab Merge Request Helper (CVE-2026-0830, CVSS 8.4): Allows for arbitrary command injection when an agentic IDE opens a workspace with crafted folder names.
  • React2Shell: GreyNoise has recorded over 8.1 million attack sessions related to this exploit, with 70,000 unique payloads detected.

Illicit cryptocurrency activity reached a record $158 billion in 2025, a 145% increase from the previous year. Much of this volume is concentrated in Russia-linked entities and sanctioned exchanges like Garantex. The “A7” token and wallet cluster have emerged as a primary hub for connecting Russian actors with networks in China and Iran.

In regulatory news, the Cyberspace Administration of China (CAC) issued draft regulations mandating strict consent for personal data collection, while India continues consultations to establish security standards for mobile devices to prevent fraud and data breaches.

Technical and Organizational Takeaways

Technical Hardening:

  • Organizations running self-hosted n8n instances must immediately update to version 1.121.0 or later.
  • Verify that ServiceNow “Now Assist AI Agents” is at version 5.1.18 / 5.2.19 or later.
  • Ensure the Android Debug Bridge (ADB) is disabled on all production mobile devices.

Organizational Strategy:

  • Implement a centralized policy to block unapproved AI-related browser extensions.
  • Update employee training to include “ClickFix” social engineering scenarios.
  • Use a cyber threat intelligence platform to scan for exposed services across corporate IP spaces.

The convergence of AI, automated workflows, and traditional malware delivery underscores the necessity for integrated security operations. PurpleOps provides high-fidelity intelligence and rigorous testing to navigate these complexities.

Our Cyber Threat Intelligence services offer visibility into emerging campaigns. By leveraging Dark Web Monitoring, we identify brand leaks before they are used in attacks. To identify vulnerabilities like CVE-2026-21858, PurpleOps offers and Red Team Operations. Our Platform consolidates these findings into a unified view.

To request a detailed security assessment, PurpleOps Solutions today.

Frequently Asked Questions

What is the significance of CVE-2026-21858?
It is a CVSS 10.0 vulnerability in the n8n automation platform that allows unauthenticated remote code execution. Because automation platforms often hold sensitive API keys and credentials, this exploit represents a major supply chain risk.

How does “Prompt Poaching” work?
Prompt Poaching involves malicious browser extensions that capture user interactions with generative AI tools (like ChatGPT or Claude). The data is then sent to attacker-controlled servers, bypassing traditional Data Loss Prevention (DLP) tools.

What is the PHALT#BLYX “ClickFix” tactic?
Attackers use social engineering to trick users into copying and pasting malicious commands into their system terminal by simulating errors like the Blue Screen of Death or fake CAPTCHA prompts.

Are hosted ServiceNow instances affected by CVE-2025-12420?
ServiceNow has already deployed patches to most of its hosted environments, but self-hosted instances remain highly vulnerable until they are manually updated to the secure version thresholds.