Weekly Recap: AI Automation Exploits, Telecom Espionage, Prompt Poaching, and CVE-2026-21858 (CVSS 10.0)

Key Takeaways:

  • Critical Vulnerability: CVE-2026-21858 (CVSS 10.0) in the n8n automation platform allows for unauthenticated remote code execution.
  • AI Privacy Risks: “Prompt Poaching” techniques via malicious browser extensions are being used to exfiltrate sensitive LLM conversations.
  • Botnet Proliferation: The Kimwolf botnet has infected over 2 million Android devices by exploiting exposed ADB services.
  • Nation-State Espionage: China-linked actors are intensifying their focus on telecommunications infrastructure in South Asia and the U.S.
  • Evasive Malware: The PHALT#BLYX campaign utilizes Living-off-the-Land (LotL) techniques, specifically MSBuild.exe, to bypass endpoint defenses.

Technical analysis of the past week’s activity indicates that misconfigurations in automation tools and the abuse of trusted system utilities remain primary vectors for large-scale exploitation. Threat actors are increasingly focusing on the intersection of artificial intelligence (AI) and workflow automation to achieve remote code execution (RCE) and data exfiltration. This weekly report covers the critical disclosure of CVE-2026-21858, the expansion of the Kimwolf botnet, and sophisticated espionage campaigns targeting telecommunications infrastructure.

The security environment this week was dominated by a maximum-severity flaw in the n8n workflow automation platform, tracked as CVE-2026-21858 with a CVSS score of 10.0. This vulnerability highlights the risks inherent in self-hosted automation environments where data validation protocols are insufficient. Simultaneously, the “Prompt Poaching” phenomenon has emerged as a significant threat to AI privacy, with malicious browser extensions exfiltrating LLM conversations.

CVE-2026-21858 (CVSS 10.0): The Ni8mare Vulnerability in n8n

A critical vulnerability, designated as CVE-2026-21858 and nicknamed “Ni8mare,” was disclosed in the n8n workflow automation platform. This flaw allows unauthenticated remote code execution and full system compromise on locally deployed instances running versions prior to 1.121.0.

The technical root cause involves how the n8n platform processes incoming data in form-based workflows. Specifically, the parsing logic for file-handling functions fails to validate if an incoming request is formatted as “multipart/form-data.” Attackers can bypass standard checks by sending a specially crafted request using a non-file content type while structuring the request body to mimic the internal format expected for file uploads.

This logic failure enables an attacker to:

  • Access arbitrary file paths on the host server.
  • Escalate privileges to achieve code execution.
  • Compromise connected services integrated into the n8n environment.
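
The root cause described above is a file-handling step that trusts upload metadata without confirming the request was parsed as multipart. The following is an added example of the corrected check, not n8n's code: the handler shape, the field names (`files`, `name`, `path`) and the temp directory are assumptions.

```python
import os
import tempfile

# Assumption: the multipart parser writes uploads under this directory.
UPLOAD_DIR = os.path.realpath(tempfile.gettempdir())


class RejectedUpload(Exception):
    """The request claims file uploads it cannot legitimately carry."""


def media_type(content_type):
    """Lower-cased media type without parameters such as boundary/charset."""
    return (content_type or "").split(";", 1)[0].strip().lower()


def trusted_uploads(headers, parser_files, body):
    """Return the file descriptors a file-handling step may use.

    headers      -- request headers, lower-cased keys
    parser_files -- descriptors produced by the multipart parser itself
    body         -- decoded request body (client-controlled data)
    Field names ("files", "name", "path") are hypothetical.
    """
    if media_type(headers.get("content-type")) != "multipart/form-data":
        # A non-multipart request cannot carry files, so a body that is
        # shaped like upload metadata is rejected instead of being used.
        if isinstance(body, dict) and "files" in body:
            raise RejectedUpload("file descriptor in non-multipart body")
        return []
    safe = []
    for f in parser_files:
        real = os.path.realpath(f["path"])
        # Accept only paths inside the parser's own temp directory.
        if os.path.commonpath([real, UPLOAD_DIR]) != UPLOAD_DIR:
            raise RejectedUpload("upload path outside temp directory")
        safe.append({"name": os.path.basename(f["name"]), "path": real})
    return safe


def demo():
    """Constructed requests: a genuine upload and a JSON body posing as one."""
    good = trusted_uploads(
        {"content-type": "multipart/form-data; boundary=b"},
        [{"name": "cv.pdf", "path": os.path.join(UPLOAD_DIR, "up1")}], {})
    try:
        trusted_uploads({"content-type": "application/json"}, [],
                        {"files": {"doc": {"path": "/srv/app/settings"}}})
        spoof = "accepted"
    except RejectedUpload as exc:
        spoof = str(exc)
    return len(good), spoof
```

The two checks are independent: the content-type gate stops body data from being treated as a file, and the path check keeps even parser-produced descriptors confined to the upload directory.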

Data indicates approximately 59,500 internet-exposed n8n hosts remain vulnerable. The geographic distribution shows over 27,000 affected IPs in the U.S. and 21,200 in Europe. Organizations should leverage threat intelligence to identify exposed automation instances within their perimeter.

Botnet Expansion: Kimwolf Infects 2M Android Devices

The Kimwolf botnet, a variant of the Aisuru malware, has successfully compromised over two million Android devices. The primary infection vector involves the exploitation of unauthenticated Android Debug Bridge (ADB) services.

Threat actors are utilizing residential proxy networks to bypass traditional network boundaries. By abusing proxy providers that allow access to local network addresses, attackers can interact directly with devices on the same internal network as the proxy client. Since November 2025, active scanning has been observed for ADB services on ports 5555, 5858, 12108, and 3222.

Once an exposed ADB port is identified, the botnet delivers payloads via netcat or telnet, allowing for:

  • Unauthorized app installation and removal.
  • Direct execution of shell commands.
  • Data exfiltration from the mobile environment.
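
Because the scanning described above can originate from a proxy client inside the local network, a flow-log check for the listed ADB ports should not exempt private source addresses. The following is an added example, not from the original report: the log format, the admin allowlist and all records are constructed.

```python
import ipaddress
from collections import defaultdict

ADB_PORTS = {5555, 5858, 12108, 3222}                 # ports named in the report
ADMIN_SOURCES = {ipaddress.ip_address("10.0.0.5")}    # assumed allowlist

# Constructed sample: "timestamp src dst dport proto action"
SAMPLE_FLOWS = """\
2026-01-10T08:00:01Z 10.0.0.5 10.0.3.21 5555 tcp ALLOW
2026-01-10T08:02:17Z 192.168.1.44 192.168.1.90 5555 tcp ALLOW
2026-01-10T08:02:18Z 192.168.1.44 192.168.1.91 5858 tcp ALLOW
2026-01-10T08:02:19Z 192.168.1.44 192.168.1.92 12108 tcp DENY
2026-01-10T08:05:40Z 203.0.113.9 198.51.100.7 3222 tcp ALLOW
2026-01-10T08:06:02Z 192.168.1.10 192.168.1.20 443 tcp ALLOW
"""


def adb_findings(flow_text, sweep_threshold=3):
    """Return (exposed, sweepers) from whitespace-separated flow records.

    exposed  -- {dst: sorted ports} reached by a non-allowlisted source
    sweepers -- sources probing >= sweep_threshold distinct (dst, port) pairs
    """
    exposed = defaultdict(set)
    probes = defaultdict(set)
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # skip malformed records
        _, src, dst, dport, proto, action = parts
        if proto != "tcp" or not dport.isdigit() or int(dport) not in ADB_PORTS:
            continue
        try:
            if ipaddress.ip_address(src) in ADMIN_SOURCES:
                continue
        except ValueError:
            continue  # unparsable source address
        # A private source is NOT treated as trusted: a proxy client on the
        # LAN relays the scan from inside the perimeter.
        probes[src].add((dst, int(dport)))
        if action == "ALLOW":
            exposed[dst].add(int(dport))
    sweepers = sorted(s for s, p in probes.items() if len(p) >= sweep_threshold)
    return {d: sorted(p) for d, p in exposed.items()}, sweepers
```

On the sample, the internal host 192.168.1.44 is reported as a sweeper even though every address it touched is private.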

Telecom Espionage: UAT-7290 and Salt Typhoon Activity

Telecommunications infrastructure in South Asia and the United States has been the target of sustained cyber-espionage campaigns.

UAT-7290 in South Asia

The China-linked actor UAT-7290 has been active since at least 2022, focusing on technical reconnaissance followed by the deployment of custom malware families. The toolkit includes RushDrop, DriveSwitch, and SilentRaid, designed for persistence and lateral movement within Linux-based telecom environments.

Salt Typhoon and U.S. Congressional Hacks

In the U.S., the group Salt Typhoon is linked to the compromise of email systems used by congressional staff. These intrusions, detected in December 2025, show a high level of sophistication in targeting specific legislative personnel involved in national security and foreign policy. Effective supply-chain risk monitoring is essential for telecom providers to identify compromised third-party components.

Prompt Poaching: Malicious Extensions Target AI Privacy

A new technique termed “Prompt Poaching” has been identified, where browser extensions are used to steal conversations from AI platforms like ChatGPT and DeepSeek. Two specific extensions, “Chat GPT for Chrome with GPT-5” and “AI Sidebar,” were found to have over 900,000 collective installations before their removal.

These extensions exfiltrate:

  • User prompts and AI-generated responses.
  • Session tokens and browsing metadata.
  • Personally identifiable information (PII) shared within the chat interface.

PHALT#BLYX: Targeting the European Hospitality Sector

A campaign dubbed PHALT#BLYX is utilizing social engineering to deliver a heavily obfuscated variant of DCRat to hospitality organizations in Europe. The attack sequence employs “ClickFix” tactics, where users are presented with fake CAPTCHA prompts or simulated Blue Screen of Death (BSoD) errors.

The technical execution avoids common triggers by:

  1. Moving away from HTML Application (HTA) files.
  2. Abusing MSBuild.exe, a trusted Microsoft utility, to compile and execute malicious project files directly in memory.
  3. Employing living-off-the-land (LotL) techniques to bypass endpoint detection.
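
Since MSBuild.exe is a signed, trusted binary, detection has to rest on the context of each launch, not on the file itself. The following is an added example of such triage logic, not taken from the report: the expected-parent list, the user-writable path patterns and the process-creation events are all constructed assumptions.

```python
import ntpath
import re

# Assumption: parents that legitimately start MSBuild on a build machine.
EXPECTED_PARENTS = {"devenv.exe", "msbuild.exe", "dotnet.exe"}
# Assumption: directories any user (or a dropper) can write to.
USER_WRITABLE = re.compile(
    r"\\(appdata|temp|downloads|programdata|users\\public)\\", re.I)
MSBUILD = r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe"

# Constructed process-creation events (field names follow Sysmon Event ID 1).
SAMPLE_EVENTS = [
    {"id": 1, "Image": MSBUILD,
     "ParentImage": r"C:\Program Files\Microsoft Visual Studio\devenv.exe",
     "CommandLine": MSBUILD + r" C:\src\app\app.csproj /t:Build"},
    {"id": 2, "Image": MSBUILD,
     "ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": '"' + MSBUILD + r'" C:\Users\bob\AppData\Local\Temp\v.proj'},
    {"id": 3, "Image": MSBUILD, "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": MSBUILD + r" C:\src\tools\build.proj"},
    {"id": 4, "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Windows\explorer.exe", "CommandLine": "cmd.exe /c dir"},
]


def split_args(command_line):
    """Drop the leading (possibly quoted) image path; return the arguments."""
    cl = command_line.strip()
    if cl.startswith('"'):
        end = cl.find('"', 1)
        return cl[end + 1:].strip() if end != -1 else ""
    return cl.partition(" ")[2].strip()


def flag_msbuild(events):
    """Return [(event_id, reasons)] for MSBuild launches that deserve triage."""
    findings = []
    for ev in events:
        if ntpath.basename(ev["Image"]).lower() != "msbuild.exe":
            continue
        reasons = []
        parent = ntpath.basename(ev["ParentImage"]).lower()
        if parent not in EXPECTED_PARENTS:
            reasons.append("unexpected parent: " + parent)
        if USER_WRITABLE.search(split_args(ev["CommandLine"])):
            reasons.append("project file in user-writable path")
        if reasons:
            findings.append((ev["id"], reasons))
    return findings
```

On hosts that never build software, the expected-parent set can be empty so that every MSBuild launch is surfaced.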

Dark Web Intelligence: BreachForums Database Leak

The database for BreachForums, a prominent underground marketplace, was leaked by a former associate of the ShinyHunters group. The leak includes records for 323,986 users, containing metadata, usernames, and associated emails.

Analysis provides insight into the underground forum landscape, showing most users originate from the U.S., Germany, the Netherlands, and France. Organizations should utilize dark web monitoring to cross-reference this leak with corporate credentials to prevent credential stuffing attacks.

Critical Infrastructure Vulnerabilities: zlib and GitLab

CVE-2026-22184 (CVSS 9.3) in zlib: A global buffer overflow exists in the untgz utility. If an archive name exceeds 1024 bytes, it results in an out-of-bounds write, leading to memory corruption or arbitrary code execution.

CVE-2026-0830 (CVSS 8.4) in Kiro GitLab Helper: A command injection vulnerability allows an attacker to craft workspace folder names containing shell meta-characters to execute arbitrary commands on a developer’s machine.

Global Regulatory and Data Updates

  • India Source Code Consultation: The Ministry of Electronics and Information Technology (MeitY) is developing a regulatory framework for mobile security, including mandatory 12-month retention of security audit logs.
  • China Personal Data Regulations: The CAC issued draft rules emphasizing the principle of “necessity,” requiring separate consent for sensitive personal information and strictly controlling microphone/camera access.
  • Illicit Cryptocurrency Activity: TRM Labs reported illicit crypto activity reached $158 billion in 2025, with a significant portion tied to Russia-linked entities used to bypass sanctions.

Practical Takeaways for Technical and Non-Technical Readers

Technical Takeaways:

  • Immediate Patching: Update n8n instances to version 1.121.0 or later to mitigate CVE-2026-21858.
  • ADB Hardening: Ensure Android Debug Bridge is disabled on all production and end-user devices.
  • LotL Monitoring: Configure EDR solutions to flag unusual MSBuild.exe activity.

Non-Technical Takeaways:

  • Extension Governance: Implement a policy for “approved” browser extensions; discourage the use of third-party AI “wrappers.”
  • Phishing Awareness: Train staff to recognize “ClickFix” social engineering tactics.
  • Third-Party Risk: Review the security posture of self-hosted automation tools.

PurpleOps Expertise in Threat Mitigation

The complexities of AI automation exploits and multi-stage malware campaigns require a multi-layered security approach. PurpleOps provides specialized services to neutralize these threats.

Our Cyber Threat Intelligence services provide the granular visibility needed to track APT groups. For companies utilizing complex automated workflows, our Supply Chain Information Security assessments can identify vulnerabilities like CVE-2026-21858 in your infrastructure.

Furthermore, our Dark Web Monitoring service ensures that if your corporate credentials appear in leaks, you are alerted immediately. We also offer Red Team Operations to simulate the latest LotL techniques.

To protect against the rise of automated threats, explore our Protect Against Ransomware solutions or view our full suite of PurpleOps Solutions. For a comprehensive evaluation, contact the Security Platform team today.

Frequently Asked Questions

What is the “Ni8mare” vulnerability (CVE-2026-21858)?
It is a critical 10.0 CVSS flaw in the n8n automation platform that allows unauthenticated attackers to execute code remotely by exploiting failures in the processing of form-based workflow data.

How does “Prompt Poaching” work?
Attackers use malicious browser extensions (often disguised as AI helpers) to scrape and exfiltrate prompts, responses, and session tokens from platforms like ChatGPT, risking corporate intellectual property.

Why is MSBuild.exe being abused by attackers?
MSBuild.exe is a legitimate Microsoft tool. Attackers use it to compile and execute malicious code directly in memory, which allows them to bypass traditional security scanners that look for malicious files on the disk.

How can I protect my mobile devices from the Kimwolf botnet?
The primary defense is to ensure that the Android Debug Bridge (ADB) is completely disabled on all devices and that no management ports are exposed to the internet or untrusted local networks.