Open-source AI is a global security nightmare waiting to happen, say researchers
Infosec in Brief
As if AI weren’t enough of a security concern, now researchers have discovered that open-source AI deployments may be an even bigger problem than those from commercial providers.
Threat researchers at SentinelLABS teamed up with internet mappers from Censys to take a look at the footprint of Ollama deployments exposed to the internet, and what they found was a global network of largely homogenous, open-source AI deployments just waiting for the right zero-day to come along.
175,108 unique Ollama hosts in 130 countries were found exposed to the public internet, with the vast majority of instances found to be running Llama, Qwen2, and Gemma2 models, most of those relying on the same compression choices and packaging regimes. That, says the pair, suggests open-source AI deployments have become a monoculture ripe for exploitation.
“A vulnerability in how specific quantized models handle tokens could affect a substantial portion of the exposed ecosystem simultaneously rather than manifesting as isolated incidents,” the duo said in their writeup.
To make matters worse, many of the exposed Ollama instances had tool-calling capabilities via API endpoints enabled, vision capabilities, and uncensored prompt templates that lacked safety guardrails. Because they’re not managed by a large AI company, SentinelLABS and Censys warned, those exposures likely aren’t being tracked by anyone, meaning exploitation could go unnoticed.
The greatest risks, per the pair, include resource hijacking due to no centralized oversight, remote execution of privileged operations due to lack of guardrails and exposed API endpoints, and identity laundering by directing malicious traffic through victim infrastructure.
The key lesson, the pair point out, is to start treating AI, open source or not, like any other critical infrastructure.
“LLMs are increasingly deployed to the edge to translate instructions into actions,” SentinelLABS and Censys concluded. “As such, they must be treated with the same authentication, monitoring, and network controls as other externally accessible infrastructure.”
Tax data leak means no more Treasury contracts for Booz Allen Hamilton
The US Treasury Department has cut ties with consulting firm Booz Allen Hamilton after an employee stole and leaked confidential tax returns of President Trump and other high-profile Americans, describing the company as unfit to handle sensitive taxpayer data.
BAH, which until last week had 31 separate contracts with the Treasury Department totaling $4.8 million annually, has been cut off because it “failed to implement adequate safeguards to protect sensitive data, including the confidential taxpayer information it had access to through its contracts with the Internal Revenue Service,” said Secretary of the Treasury Scott Bessent.
The Treasury said the actions of former BAH employee Charles Littlejohn, who pled guilty to leaking tax information of more than 400,000 US citizens, were a key part of its decision. Littlejohn stole and leaked tax records between 2018 and 2020, most notably those of Donald Trump and Elon Musk.
Every South Korean government system tested failed to repel pentesters
In late 2024, South Korean officials conducted a simulated cyberattack on several public-facing systems to gauge their resilience. The results were not encouraging.
The simulated attack, results of which were only just recently made public, saw researchers target seven of the 123 public systems used by the Korean government, and every single one of them was successfully breached.
They weren’t found to just be breachable, either: One system allowed hackers to query resident registration numbers for nearly the entire Korean population, while another spilled the beans on 10 million people within 20 minutes of access. A third kept critical information in an unencrypted format, allowing a pentester to obtain admin privileges and steal registration numbers of 130,000 people.
Yikes.
The Board of Audit and Inspection, which ran the simulated cyberattack, hasn’t disclosed many specifics about how hired hackers breached the systems so as not to encourage anyone to try to break in, nor did they share which specific public systems were tested.
Fixes have reportedly been deployed as well – hopefully someone bothered to check the other 116 systems to be sure they aren’t a security mess, too.
Pentesters arrested in Iowa win $600K settlement
A pair of cybersecurity professionals arrested in 2019 and charged with burglary have not only had their charges dismissed, but are now $600K richer after winning a wrongful arrest lawsuit against the county they were hired to assess.
Gary DeMercurio and Justin Wynn were arrested in 2019 after tripping a physical alarm in a Dallas County, Iowa, courthouse, which they were attempting to access as part of their pentest of the county’s systems.
“[The arrest] sent a chilling message to security professionals nationwide that helping government identify real vulnerabilities can lead to arrest, prosecution, and public disgrace,” Wynn said in a press release put out by his lawyer after the settlement. “That undermines public safety, not enhances it.”
The duo have continued their work in cybersecurity since the incident, and now work together at an adversarial simulation and real-world security testing company that DeMercurio founded.
North Korean Labyrinth Chollima evolves into multiple entities
As if dealing with one dangerous North Korean cyber threat wasn’t bad enough, now one of the most prolific has split into three separate but coordinated entities specializing in different forms of digi-crime.
Labyrinth Chollima has spawned Golden Chollima and Pressure Chollima, CrowdStrike reported last week, which the firm said signals North Korea’s cybercrime apparatus is evolving into a more specialized one designed to pursue multiple objectives simultaneously.
According to CrowdStrike, Golden Chollima is targeting cryptocurrency and fintech firms in economically developed regions like the US, Europe, and South Korea in a bid to constantly conduct small-value thefts from vulnerable targets.
While still focusing on financial and crypto targets, Pressure Chollima is where the high-profile heists are happening, and has become what CrowdStrike said is one of North Korea’s “most technically advanced adversaries.”
The original Labyrinth Chollima group, meanwhile, has shifted its focus solely to malware-driven espionage operations, targeting high-profile firms in the defense and manufacturing sectors in the US and elsewhere.
“Organizations in the cryptocurrency, fintech, defense, and logistics sectors should practice heightened vigilance for DPRK social engineering campaigns, particularly employment-themed lures and trojanized legitimate software delivered via messaging platforms,” CrowdStrike warned. ®