CrowdStrike Bolsters AI Cybersecurity; New China-Linked APT Targets Mongolia; IBM Accelerates Enterprise LLMs

Sunday, 26 April 2026 / Published in AI Agents, Artificial Intelligence, Cybersecurity, Threat Intelligence

This week in technology news, CrowdStrike has introduced Project QuiltWorks, a significant initiative aimed at leveraging AI to counter the growing threat of AI-accelerated vulnerability exploitation. Concurrently, cybersecurity researchers have identified "GopherWhisper," a new China-aligned advanced persistent threat group actively targeting the Mongolian government with sophisticated Go-based malware. In enterprise AI, IBM Research is integrating vLLM into its RITS platform to enhance and accelerate access to large language models for businesses, while Delivery Hero has launched Herogen, an autonomous AI agent designed to boost engineering productivity.

CrowdStrike Launches Project QuiltWorks to Combat AI-Accelerated Vulnerability Exploitation

CrowdStrike has announced the launch of Project QuiltWorks, an industry coalition aimed at addressing the rapidly shrinking window between AI-discovered vulnerabilities and their exploitation. The initiative, formed in partnership with Accenture, EY, IBM Cybersecurity Services, Kroll, and OpenAI, seeks to leverage frontier AI models from OpenAI and Anthropic to detect complex flaws like logic bugs, design flaws, and exploit paths that often elude traditional security tools. This collaboration highlights a critical shift in cybersecurity, where AI's ability to quickly identify and potentially exploit vulnerabilities necessitates a more proactive and integrated defense strategy.

The core offering of Project QuiltWorks is the Frontier AI Readiness and Resilience Service, designed to provide assessments, prioritize risks using data from CrowdStrike's Falcon platform, and guide remediation efforts. CrowdStrike CEO George Kurtz emphasized that the time between vulnerability discovery and exploitation has collapsed from weeks to mere minutes, underscoring the urgency of this new approach. The coalition will utilize a network of over 10,000 certified professionals to facilitate enterprise-scale remediation, ensuring that identified vulnerabilities are not only detected but also effectively patched.

This development comes amidst growing concerns about the dual-edged nature of AI in cybersecurity. While AI models like Anthropic's Mythos are proving incredibly effective at uncovering thousands of previously unknown software vulnerabilities, their power also raises the risk of malicious actors leveraging similar capabilities. The rapid pace of AI-driven vulnerability discovery is creating a "flood of patches" that organizations, particularly those managing critical infrastructure like hospitals and banks, struggle to implement promptly without disrupting operations. Project QuiltWorks aims to provide a structured response to this challenge, moving beyond reactive vulnerability management to a more predictive and AI-enhanced ecosystem.

New China-Linked APT "GopherWhisper" Targets Mongolian Government with Go-Based Malware

A newly identified China-aligned Advanced Persistent Threat (APT) group, dubbed "GopherWhisper" by ESET researchers, has been actively targeting Mongolian government institutions since at least November 2023. This group employs a sophisticated toolkit primarily written in Go, utilizing custom loaders, injectors, and multiple backdoors to maintain persistent access and control over compromised systems. The discovery highlights an evolving cyber-espionage operation with a structured approach to infiltration.

GopherWhisper's tactics include leveraging legitimate platforms such as Discord, Slack, Outlook, and file.io for command-and-control (C2) communications and data exfiltration. Researchers gained insight into the group's activities by accessing API tokens, revealing a wide array of C2 messages. The use of legitimate services for malicious purposes makes detection more challenging, as their network traffic can blend in with normal organizational activity.

One of the key backdoors identified is "LaxGopher," a Go-based tool that enables command execution, data exfiltration, and the deployment of additional payloads. The group's reliance on Go-based malware is notable, as it offers cross-platform compatibility and can be more difficult to analyze than traditional malware. This new threat underscores the persistent and evolving nature of state-sponsored cyber-espionage, particularly targeting governmental entities in strategic regions.

"Fast16" Malware: A Pre-Stuxnet Cyber Sabotage Framework Uncovered

Cybersecurity researchers at SentinelOne have unearthed "fast16," a previously undocumented Lua-based malware framework dating back to 2005, predating the infamous Stuxnet worm by at least five years. This discovery significantly re-evaluates the historical timeline of sophisticated cyber sabotage operations, indicating that state-backed tooling against physical targets was fully developed and deployed earlier than previously thought. Fast16 primarily targeted high-precision calculation software, aiming to tamper with results and produce inaccurate calculations across entire facilities.

The fast16 framework is notable for being the first known Windows malware to embed a Lua engine. Its design combined a stable execution wrapper with encrypted, task-specific payloads, creating a reusable and compartmentalized system adaptable to various target environments. Analysis of its patching engine suggests potential targets included engineering and simulation suites like LS-DYNA 970, PKPM, and the MOHID hydrodynamic modeling platform.

This revelation highlights the long-standing development of cyber warfare capabilities and the continuous need for vigilance against advanced persistent threats, even those with historical roots. The ability of fast16 to modify executable code as it's read from disk, via a kernel driver, demonstrates a high level of sophistication for its time, emphasizing the enduring challenge of defending against deeply embedded and stealthy cyber weapons.

GlassWorm Supply Chain Attack Escalates with 73 New "Sleeper" Extensions

The GlassWorm supply chain attack, which targets the Open VSX marketplace, has intensified with the identification of 73 new "sleeper" extensions in April 2026. This marks a significant evolution in how threat actors distribute malware to software developers, following a previous wave of 72 malicious Open VSX extensions discovered in March 2026. These "sleeper" extensions initially appear benign, building trust and accumulating downloads before being weaponized through subsequent software updates.

Attackers are employing new tactics to evade security scans, with the malicious code no longer directly visible in the extension's source. Instead, the extensions act as thin loaders to fetch external payloads, utilizing native binaries hidden within the extension code to download malicious .vsix files for IDEs like VS Code and Cursor. This sophisticated approach makes detection more challenging and increases the risk of developers unknowingly integrating compromised tools into their workflows.

The GlassWorm campaign underscores the critical importance of robust supply chain security measures for software development. Organizations and individual developers must exercise extreme caution when downloading extensions and tools, even from seemingly legitimate marketplaces. The evolving nature of these attacks necessitates continuous monitoring and advanced threat detection capabilities to mitigate the risks posed by compromised development environments.
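A pre-install check for the loader pattern described above, as an added example that is not code from the original article or from any vendor it cites: a .vsix file is a ZIP archive, so each packaged file can be classified by its leading bytes rather than by its name. The signature table, the function names and the sample package are assumptions made for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# (magic bytes, label, file suffixes under which that content would be unsurprising)
SIGNATURES = [
    (b"MZ", "PE executable", {"exe", "dll", "node"}),
    (b"\x7fELF", "ELF executable", {"so", "node", ""}),
    (b"\xcf\xfa\xed\xfe", "Mach-O executable", {"dylib", "node", ""}),
    (b"PK\x03\x04", "embedded ZIP/VSIX archive", {"zip", "vsix"}),
]

def scan_vsix(data: bytes) -> list:
    """Return one finding per packaged file whose content is native code or an archive."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            with archive.open(info) as member:
                head = member.read(4)
            suffix = PurePosixPath(info.filename).suffix.lstrip(".").lower()
            for magic, label, expected in SIGNATURES:
                if head.startswith(magic):
                    # "disguised" means the file name does not match what the bytes are
                    findings.append({"path": info.filename, "kind": label,
                                     "disguised": suffix not in expected})
                    break
    return findings

def build_sample_vsix() -> bytes:
    """Constructed sample package (placeholder bytes only, nothing executable)."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("extension/package.json", "{}")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("extension/package.json", '{"name": "sample"}')
        z.writestr("extension/out/extension.js", "// loader stub\n")
        z.writestr("extension/media/icon.png", b"MZ\x90\x00" + b"\x00" * 60)
        z.writestr("extension/bin/helper.node", b"\x7fELF" + b"\x00" * 60)
        z.writestr("extension/data/update.dat", inner.getvalue())
    return outer.getvalue()

if __name__ == "__main__":
    for finding in scan_vsix(build_sample_vsix()):
        print(finding)
```

Legitimate extensions do ship native `.node` addons, so a finding with `disguised` set to false is a prompt for review rather than a verdict; content that contradicts its file name deserves the closer look.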

Delivery Hero Unveils Herogen, an Autonomous AI Agent Boosting Engineering Output

Delivery Hero, a leading global delivery platform, has introduced "Herogen," an advanced autonomous software delivery agent designed to significantly enhance engineering output. Built in-house using industry-leading Large Language Models (LLMs), Herogen is already capable of delivering an annual coding output equivalent to 130 senior engineers, with its capacity rapidly expanding. This development highlights a growing trend in enterprise AI where companies are leveraging autonomous agents to streamline complex software development workflows and achieve unprecedented levels of productivity.

The introduction of Herogen signifies a critical shift from AI as a supplementary tool to AI as an autonomous, goal-driven executor within the enterprise. This agentic AI system is designed to plan, call tools, and complete goals across various enterprise services, demonstrating bounded autonomy with verifiable controls. The success of such an agent underscores the importance of integrating permission boundaries, confidence thresholds, tool access control, and escalation paths into AI architecture from the outset to ensure viability and prevent governance gaps.

For businesses, Herogen's capabilities illustrate the transformative potential of AI agents in accelerating software development cycles and reducing operational costs. By automating significant portions of the coding process, companies can reallocate human talent to more strategic and innovative tasks, fostering a more efficient and agile development environment. This move by Delivery Hero sets a precedent for how other enterprises might adopt similar AI-driven solutions to optimize their engineering resources and maintain a competitive edge in the rapidly evolving technology landscape.

IBM Research Integrates vLLM into RITS Platform to Accelerate Enterprise LLM Access

IBM Research has integrated vLLM into its Research Inference & Tuning Service (RITS) Platform, a strategic move aimed at democratizing access to large language models (LLMs) across its global research community. Launched in late 2024, the RITS Platform provides centralized, shared access to model inferencing and tuning endpoints. This integration is designed to streamline how IBM's research teams experiment with and deploy the latest LLMs, ultimately accelerating research velocity and reducing redundant efforts.

The adoption of vLLM within the RITS Platform signifies a broader industry trend towards centralized, scalable AI infrastructure. For enterprises, this approach addresses the critical need to balance innovation with cost-effectiveness and robust governance in their AI strategies. By abstracting away operational complexities, such platforms make state-of-the-art AI more accessible to a wider range of non-specialist employees, fostering greater experimentation and deployment.

This development has significant implications beyond IBM, as other large organizations grapple with scaling AI initiatives without fragmenting control or incurring exorbitant costs. The focus on shared infrastructure and service models highlights that factors like access, governance, and rapid iteration are becoming as crucial as raw model performance in enterprise AI adoption.

The move by IBM Research underscores a shift in enterprise AI towards platforms that prioritize efficient access and management of LLMs. This strategy can help organizations overcome common challenges in AI adoption, such as the gap between pilot projects and production-grade systems, and the need for clear ROI in AI investments.

ESET Uncovers New China-Aligned APT Group "GopherWhisper" Targeting Mongolia

Cybersecurity researchers at ESET have identified a new China-aligned Advanced Persistent Threat (APT) group, dubbed "GopherWhisper," which has been actively targeting governmental institutions in Mongolia. This newly documented group employs a sophisticated toolkit primarily written in Go, utilizing various injectors, loaders, and custom backdoors such as LaxGopher, RatGopher, BoxOfFriends, and SSLORDoor. The discovery highlights the persistent and evolving nature of state-sponsored cyber espionage campaigns.

A notable aspect of GopherWhisper's operations is its abuse of legitimate messaging services like Discord, Slack, and Microsoft 365 Outlook for command and control (C2) communications and data exfiltration. ESET's analysis of the group's C2 traffic, including logs from their Slack and Discord servers, provided critical insights into their internal operations and post-compromise activities. This tactic of leveraging widely used platforms allows the APT group to blend in with normal network traffic, making detection more challenging for targeted organizations.
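Because traffic to these services looks ordinary at the network layer, a practical detection pivots on which process is talking to them. The sketch below is an added example, not ESET's detection logic or anything from the original article; it covers the C2 behaviour described in both GopherWhisper items in this digest. The log format, hostnames chosen to represent each service, process baseline and sample lines are all constructed assumptions.

```python
import re
from collections import defaultdict

# Assumed hostnames for the services named in the article, mapped to the client
# processes an organization expects to reach them (hypothetical baseline).
EXPECTED_CLIENTS = {
    "discord.com": {"discord.exe", "chrome.exe", "msedge.exe"},
    "slack.com": {"slack.exe", "chrome.exe", "msedge.exe"},
    "outlook.office365.com": {"outlook.exe", "chrome.exe", "msedge.exe"},
    "file.io": {"chrome.exe", "msedge.exe"},
}
LINE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) proc=(?P<proc>\S+) "
    r"dest=(?P<dest>\S+) bytes_out=(?P<out>\d+)$"
)

def service_for(dest):
    """Match on a label boundary so that notslack.com is not treated as slack.com."""
    dest = dest.lower().rstrip(".")
    for suffix in EXPECTED_CLIENTS:
        if dest == suffix or dest.endswith("." + suffix):
            return suffix
    return None

def find_unexpected_clients(lines):
    """Aggregate requests and upload volume per (host, process, service) outside the baseline."""
    totals = defaultdict(lambda: {"requests": 0, "bytes_out": 0})
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        service = service_for(m["dest"])
        proc = m["proc"].lower()
        if service and proc not in EXPECTED_CLIENTS[service]:
            key = (m["host"], proc, service)
            totals[key]["requests"] += 1
            totals[key]["bytes_out"] += int(m["out"])
    return dict(totals)

# Constructed proxy log lines; svc_update.exe is a made-up process name.
SAMPLE_LOG = """\
2026-04-20T09:14:02Z host=WS-014 proc=chrome.exe dest=app.slack.com bytes_out=1822
2026-04-20T09:14:40Z host=WS-014 proc=svc_update.exe dest=slack.com bytes_out=640
2026-04-20T09:15:10Z host=WS-014 proc=svc_update.exe dest=slack.com bytes_out=512
2026-04-20T09:16:31Z host=WS-014 proc=svc_update.exe dest=file.io bytes_out=4194304
2026-04-20T09:17:05Z host=WS-022 proc=svc_update.exe dest=notslack.com bytes_out=300
""".splitlines()

if __name__ == "__main__":
    for key, stats in find_unexpected_clients(SAMPLE_LOG).items():
        print(key, stats)
```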

The use of Go-based malware is also a significant trend, as the language offers advantages in cross-platform compatibility and evasion. While the primary victim identified is a Mongolian governmental entity, ESET's research suggests that dozens of other victims may have been affected, though their specific locations and sectors remain unknown. This new intelligence underscores the ongoing threat posed by nation-state actors and the critical need for robust threat intelligence and defensive strategies, particularly for government and critical infrastructure sectors.

The emergence of GopherWhisper reinforces the broader pattern of China-linked threat actors shifting from individually procured infrastructure to large-scale covert networks and botnets, as noted by the National Cyber Security Centre (NCSC). This strategic evolution in adversary tactics demands that organizations move beyond traditional security measures and adopt continuous verification and real-time vulnerability intelligence to counter sophisticated, AI-enhanced attacks.


Brought to you by Accendum AI :: News Bot. Automatically generated on April 26, 2026 at 14:01 ET (Washington, DC / New York, NY).
