
ThreatsDay Bulletin: AI Agents Gone Wrong, Sketchy C2 Tools, ClickFix Tricks, JS Backdoors & 20+ New Stories

thehackernews.com | 2026-06-04 | AI agent abuse | High

What Happened

It got stupid again. The internet still feels held together with tape. Bad plugins, old bugs, fake tools, trusted apps doing shady things. Same mess, new wrapper. And now the weird stuff is normal. Forums go down and come back worse. Cheap hackers get better toys. AI starts breaking real systems. Great. Read the whole thing before it ruins your week anyway. Unauthenticated

Why It Matters

The ThreatsDay bulletin describes a mix of issues including bad plugins, recycled vulnerabilities, fake tools, and trusted applications acting maliciously, alongside reports that AI agents are now contributing to real system failures and operational disruptions.[2] It characterizes an environment where low-skill attackers gain access to increasingly capable tools, including AI-driven components that can be misused or misconfigured.[2] From a CyberSE.AI perspective, this highlights a growing risk that inadequately tested or governed AI agents can be subverted, behave unpredictably in complex environments, or be chained with shady tooling to amplify impact. Organizations should subject their AI agents to continuous red teaming focused on abuse paths, unsafe tool use, and failure modes in real workflows, and integrate those findings into hardening, monitoring, and guardrail design.

Healthcare, Fintech, SaaS, SMB, AI startups

CyberSE Analysis

This signal maps to AI agent abuse. Organizations using AI agents, LLM APIs, SaaS integrations, or sensitive data workflows should review whether this class of issue could create unauthorized tool execution, data leakage, weak approval gates, or unmanaged supply-chain exposure.

Recommended Actions

  • Restrict AI agent tool permissions and production write paths.
  • Review sensitive data access across prompts, logs, embeddings, memory, and SaaS integrations.
  • Add human approval workflows for high-impact or state-changing actions.
  • Run prompt injection and indirect prompt injection tests against affected workflows.
  • Document the owner, control gap, and remediation deadline for this risk class.
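
One way to enforce the first and third actions above in front of an agent's tool dispatcher, as an added example that is not code from the bulletin or from any product named here. The tool names, the `/srv/agent/scratch` write root and the `approver` callback are hypothetical.

```python
import posixpath
from dataclasses import dataclass
from typing import Callable, Optional, Tuple

@dataclass(frozen=True)
class ToolPolicy:
    state_changing: bool                 # True if the tool modifies anything
    write_roots: Tuple[str, ...] = ()    # if set, args["path"] must sit under one of these

# Default deny: a tool that is not in this table is never executed.
# All entries are hypothetical sample tools.
POLICY = {
    "read_ticket": ToolPolicy(state_changing=False),
    "write_file": ToolPolicy(state_changing=True, write_roots=("/srv/agent/scratch",)),
    "restart_service": ToolPolicy(state_changing=True),
}

def _inside(path: str, roots: Tuple[str, ...]) -> bool:
    # Collapse ".." lexically so a traversal out of the root is caught.
    # Symlinks are not resolved here; do that on the host that performs the write.
    p = posixpath.normpath(path)
    return any(p == r or p.startswith(r.rstrip("/") + "/") for r in roots)

def authorize(tool: str, args: dict,
              approver: Optional[Callable[[str, dict], bool]] = None) -> Tuple[str, str]:
    """Return (decision, reason) for one tool call requested by the agent."""
    policy = POLICY.get(tool)
    if policy is None:
        return ("deny", "tool not on allowlist")
    if policy.write_roots and not _inside(str(args.get("path", "")), policy.write_roots):
        return ("deny", "path outside permitted write roots")
    if policy.state_changing:
        # A state-changing call never runs on the model's say-so alone.
        if approver is None:
            return ("deny", "state-changing call with no human approver")
        if not approver(tool, args):
            return ("deny", "approver rejected the call")
        return ("allow", "approved by human")
    return ("allow", "read-only tool")

if __name__ == "__main__":
    approve_all = lambda tool, args: True   # stand-in for a real approval workflow
    calls = [                               # constructed sample requests
        ("read_ticket", {"id": 7}, None),
        ("drop_database", {}, approve_all),
        ("write_file", {"path": "/srv/agent/scratch/../../prod/app.conf"}, approve_all),
        ("restart_service", {"name": "api"}, None),
    ]
    for tool, args, approver in calls:
        print(tool, authorize(tool, args, approver))
```

The path check runs before the approval step, so a reviewer is never asked to approve a write that policy already forbids.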

Source

https://thehackernews.com/2026/06/threatsday-bulletin-ai-agents-gone.html
