logo

We built a vulnerability vending machine: AI tokens in, zero-days out

ID: cda5d522-6ef7-5320-9862-08696b0b76b5

STIX ID: report--cda5d522-6ef7-5320-9862-08696b0b76b5

Feed Name: Bleeping Computer

Threat Score
75/100

Date Published: 2026-07-15

Date Updated: 2026-07-15

Author: Sponsored by Intruder

...
...

Intruder describes a pipeline that uses Joern-based program slicing and LLM agents to triage and automatically exploit code slices; the system discovered a blind SQL injection (CVE-2026-3985) in the widely used Creative Mail WordPress plugin that can expose database contents (including admin hashes and tokens) when WooCommerce is present, and the plugin has been removed pending remediation.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.