The Kenny G Perspective

The Google Threat Intelligence Group has detected the first known instance of a threat actor using an AI-developed zero-day exploit in the wild. While the attackers planned a wide-scale strike, our proactive counter-discovery may have prevented that from happening. This finding is part of our new report on AI-powered threats.

🚨🇧🇷 A cybersecurity researcher from Brazil exposed a large scale scam operation by buying a "Ledger" hardware wallet off a Chinese marketplace — suspiciously cheap and the packaging looked original from a distance. Here's what he found after cracking the thing open: The "hardware wallet" Inside the shell was a completely different chip — the kind you'd find in a cheap IoT gadget, not a wallet designed to protect your crypto. The markings had been physically sanded off to hide what it actually was. The firmware pretended to be a real Ledger version that doesn't even exist (Ledger Nano S+ V2.1). And here's the kicker: every seed phrase and PIN you'd type into it was stored in plain text and sent straight to the attacker's server (kkkhhhnnn[.]com). Instantly... It was built to drain wallets across ~20 different blockchains. The fake app The seller kindly included a "Ledger Live" app to go with it. It was a modified copy — not even signed properly, the attackers didn't bother with the basics — and it silently siphoned off data the moment you used it. Just when you thought this was it, the same crew is also pushing malware for Windows, macOS, and even iOS — using TestFlight to sneak past Apple's App Store review entirely. The researcher has sent a full report to Ledger's security team. A deeper technical breakdown is expected once they've finished their analysis. This was shared on Reddit by u/Past_Computer2901

🚨 Andrej Karpathy just explained the scariest thing happening in software right now.. someone poisoned a Python package that gets 97 million downloads a month.. and a simple pip install was enough to steal everything on your machine.. SSH keys.. AWS credentials.. crypto wallets.. database passwords.. git credentials.. shell history.. SSL private keys.. everything.. and here's the part that should terrify every developer alive.. the attack was only discovered because the attacker wrote sloppy code.. the malware used so much RAM that it crashed someone's computer.. if the attacker had been better at coding.. nobody would have noticed for weeks.. one developer.. using Cursor with an MCP plugin.. had litellm pulled in as a dependency they didn't even know about.. their machine crashed.. and that crash saved thousands of companies from getting their entire infrastructure stolen.. Karpathy's take is the real wake up call.. every time you install any package you're trusting every single dependency in its tree.. and any one of them could be poisoned.. vibe coding saved us this time.. the attacker vibe coded the attack and it was too sloppy to work quietly.. next time they won't make that mistake.