Cyber Threats Evolve with AI, Exploiting Vulnerabilities

Recent attacks highlight the growing role of AI in cybersecurity and the need for adaptive defense strategies

From AI-powered botnets to geometry-based evasion techniques, cyber threats are becoming increasingly sophisticated, exploiting vulnerabilities in routers, HR workflows, and endpoint management software.

Cyber threats are evolving rapidly, with artificial intelligence (AI) playing a significant role in both offense and defense. Recent attacks have highlighted the need for adaptive defense strategies that combine human expertise with AI-driven solutions.

What Happened

A newly discovered botnet malware called KadNap has been targeting ASUS routers and other edge networking devices to create a proxy network for malicious traffic. The botnet has grown to 14,000 devices since August 2025, with nearly half of the infected devices connected to command-and-control (C2) infrastructure dedicated to ASUS-based bots. Meanwhile, researchers have identified a new evasion technique used by malware developers, which employs geometry-based human-verification tests to remain undetected.

In another development, a campaign by Russian-speaking cyberattackers has been hijacking HR workflows to deliver security-busting malware, allowing attackers to steal data without detection. The attackers, known as "BlackSanta," have been targeting companies in the United States and Europe.

Why It Matters

The evolving threat landscape, augmented by AI, poses significant challenges for organizations. Chief Information Security Officers (CISOs) and Chief Information Officers (CIOs) need to understand the threat landscape and map their assets to identify vulnerabilities. As Jakub Debski, Chief Product Officer at ESET, notes, "It's not AI vs AI, but 'Human + AI' vs 'Human + AI'. And who has better people, processes, and technology will win."

What Experts Say

> "Attackers are pivoting away from bold 'smash-and-grab' breaches in favor of sneakier 'death by a thousand cuts' approaches." — Sila Ozeren Hacioglu, Security Research Engineer at Picus Security.

Key Numbers

  • 14,000: The number of devices infected by the KadNap botnet.
  • 60%: The percentage of infected devices located in the United States.
  • 1.1 million: The number of malicious files analyzed by the Picus Red Report 2026.
  • 15.5 million: The number of actions mapped to MITRE ATT&CK in the Picus Red Report 2026.

Background

The Cybersecurity and Infrastructure Security Agency (CISA) has flagged a high-severity Ivanti Endpoint Manager (EPM) vulnerability as actively exploited in attacks. The vulnerability, tracked as CVE-2026-1603, can be exploited by remote threat actors to bypass authentication and steal credential data.

What Comes Next

As cyber threats continue to evolve, organizations must adapt their defense strategies to stay ahead of the attackers. This includes investing in AI-driven solutions, improving threat intelligence, and enhancing human expertise. By combining these elements, organizations can build robust cyber resilience and protect themselves against increasingly sophisticated attacks.

This article was synthesized by Fulqrum AI from 5 trusted sources, combining multiple perspectives into a comprehensive summary. All source references are listed below.

  • bleepingcomputer.com: New KadNap botnet hijacks ASUS routers to fuel cybercrime proxy network
  • bleepingcomputer.com: The New Turing Test: How Threats Use Geometry to Prove 'Humanness'
  • bleepingcomputer.com: CISA: Recently patched Ivanti EPM flaw now actively exploited
  • csoonline.com: The CSO role is evolving fast with AI in Cyber Defense strategy
  • darkreading.com: 'BlackSanta' EDR Killer Targets HR Workflows

Emergent News aggregates and curates content from trusted sources to help you understand reality clearly.

Powered by Fulqrum, an AI-powered autonomous news platform.
