ThreatIntel

Theme: Cybercrime / Supply Chain / AI-Driven Social Engineering / Exploited Vulnerabilities Audience: Novice → Pro 💡 | Mode: Learn + Play 🎮 🔍 Story 1: Zendesk Ticket Systems Hijacked in Massive Global Spam Wave What happened 🧠 Attackers abused unsecured Zendesk support ticket systems to send out huge volumes of automated spam emails from…

Focus: what happened, key technical concepts, what it looks like in real orgs, plus an XP Quest per story 🎮 1) Google Gemini + Calendar Invites → Indirect Prompt Injection + Data Exposure What happened 🧠📅 Researchers found an indirect prompt injection path where an attacker can hide instructions inside a Google Calendar invite, and…

🔗 Sources https://thehackernews.com/2026/01/google-gemini-prompt-injection-flaw.html https://thehackernews.com/2026/01/security-bug-in-stealc-malware-panel.html The Security Paradox: New Study Reveals 69 Vulnerabilities in AI-Generated Apps VCs Invest Billions in AI Security to Combat Rogue Agents by 2026 Cloudflare Zero-Day Vulnerability Enables Any Host Access Bypassing Protections https://www.infosecurity-magazine.com/news/malicious-google-chrome-extension/ 🧠 Today’s TL;DR (What happened) AI / Prompt Injection (Gemini + Calendar):…