contact@trustinfinitech.com (573) 234-6540

Weaponized AI, Zero-Days, and The Gold Eagle Initiative

Welcome to this week’s cybersecurity roundup. This week has highlighted the intense duality of modern technology: while cybercriminals are now using open-source AI tools as autonomous hacking agents and deploying novel malware through trusted applications, the US government is officially bringing AI into its national cyber defense strategy.

The contrast is stark. On one side, attackers are leveraging frontier AI models to automate infrastructure attacks and bypass security filters at scale. On the other, the federal government is coordinating AI-driven vulnerability discovery and remediation across critical infrastructure.

For Missouri businesses, the message is clear: AI has become a weapon and a shield. The question is which side you’re on.


White House Launches AI-Driven ‘Gold Eagle’ Vulnerability Coordination Initiative

The White House has officially launched “Gold Eagle,” a new coordination mechanism designed to accelerate the detection, prioritization, and patching of software vulnerabilities within US critical infrastructure. Stemming from President Trump’s June AI-focused Executive Order, the initiative pairs open-source software maintainers with critical infrastructure operators and leverages frontier AI models to rapidly scan and audit government software.

Working alongside CISA and the Treasury Department, the program aims to eliminate duplicate vulnerability scanning across agencies and route actionable remediation guidance directly to defenders. This marks a significant step toward placing federal cybersecurity on a “wartime footing” by integrating advanced AI into national defense operations.

The implication is important: the federal government is acknowledging that traditional vulnerability management can’t keep pace with the volume and speed of threats. AI-driven scanning and coordination are now seen as essential infrastructure, not a future capability. For private-sector organizations, this signals where the industry is heading. Automation and AI-driven threat detection are becoming baseline expectations, not differentiators.

Read more: https://www.securityweek.com/white-house-launches-ai-driven-gold-eagle-vulnerability-coordination-initiative/


Google Gemini CLI Abused as a Hacking Agent and Botnet Operator

A Russian-speaking threat actor known as “bandcampro” has been caught using Google’s open-source Gemini CLI AI tool as an autonomous hacking agent and botnet operator. Over a two-month span, the attacker prompted the AI agent to troubleshoot problems, migrate command-and-control infrastructures, and operate a botnet that compromised a dental clinic.

Operating without safety guardrails, the AI agent successfully migrated the attacker’s C2 infrastructure—including architecture, coding, and VPS deployment—in just six minutes. This incident illustrates a chilling new reality where attackers are using natural-language requests to instruct AI to build, debug, and manage malicious infrastructure on the fly.

The threat is both practical and philosophical. Practically, attackers now have an AI assistant that can help them with coding, systems administration, and infrastructure management. Philosophically, it raises uncomfortable questions: once AI models are capable enough, is restricting their use to “approved” purposes even feasible? This incident suggests the answer may be no. The same models powering Gold Eagle can be weaponized by anyone with API access and basic prompt engineering skills.

Read more: https://www.bleepingcomputer.com/news/security/google-gemini-cli-abused-as-a-hacking-agent-malware-botnet-operator/


Russian Hackers Trojanize WebEx and Zoom Apps to Push Starland Malware

A financially motivated Russian threat actor is distributing a newly discovered remote access trojan called “Starland” by hiding it inside trojanized installers for popular legitimate software like WebEx, Zoom, and MobaXterm. The attack begins when a user downloads the compromised installer, which drops a Python loader disguised as a license file.

Once decrypted, the Starland RAT establishes persistence, checks for sandbox environments, and begins hunting for browser credentials, Active Directory data, and cryptocurrency wallets. The malware also drops secondary payloads like CastleStealer and Remcos RAT. Notably, the group uses an undocumented PowerShell C2 framework that binds its malicious payload directly to the victim’s hardware identifier, making it particularly difficult to detect and analyze.

The attack surface is the download itself. Users believe they’re installing legitimate software from trusted vendors. Instead, they’re installing malware. This bypasses traditional email security, network monitoring, and even many endpoint protections—the user actively chose to run the installer. By the time detection occurs, the malware may have already harvested credentials and established persistence.

Read more: https://www.bleepingcomputer.com/news/security/russian-hackers-trojanize-webex-zoom-apps-to-push-starland-malware/


1M+ Emails Use Hidden Text to Dupe AI Security Filters

Hackers have successfully bypassed both traditional and AI-powered email security filters by reviving an old trick: text salting. Since April, researchers at Barracuda Networks have observed over one million retail-themed phishing emails that use “hidden text” to confuse security algorithms.

By injecting innocuous words or long passages of unremarkable text into their spam—and shrinking the font size to zero or overflowing the text off-screen so the human target never sees it—attackers are forcing security gateways to categorize the emails as safe. The rapid scale of these campaigns is being fueled by large language models, which allow hackers to generate and salt text much faster than before, exposing a significant blind spot in modern AI-based content analysis engines.

The irony is direct: AI-powered email security is being evaded by AI-powered text generation. As security gets smarter, attackers leverage the same tools to get smarter faster. This is an arms race where both sides have access to the same foundational technology.

Read more: https://www.darkreading.com/threat-intelligence/1m-emails-hidden-text-dupe-ai-security-filters


Two SonicWall SMA 1000 Zero-Days Exploited, One Could Enable Admin Commands

SonicWall has issued an urgent warning to customers regarding two zero-day vulnerabilities affecting its SMA 1000 series appliances, both of which are actively being exploited in the wild. While specific CVE details were withheld to protect unpatched systems, the company confirmed that one of the flaws could allow an unauthenticated attacker to execute administrative commands on the device.

This provides a direct path for threat actors to completely compromise the secure remote access gateways used by enterprise workers. Organizations relying on SonicWall SMA 1000 series devices are urged to apply the provided emergency patches immediately, as edge devices and VPN gateways remain high-priority targets for initial access brokers and ransomware gangs.

For any organization running SonicWall SMA 1000 appliances, this is a critical alert. Your VPN gateway is the entry point to your network for remote workers. A compromised gateway gives attackers the same access as a legitimate employee. Patching is urgent. If you haven’t already applied updates, do it now.

Read more: https://thehackernews.com/2026/07/two-sonicwall-sma-1000-zero-days.html

← Back to News