Fetching from the wire…
Top 5 · 2026-03-08 · source-backed
Bitdefender documented Pakistan-aligned APT36 using LLMs to mass-produce malware in 7 languages (Nim, Zig, Crystal, Rust, Go, C#, .NET). They call the strategy "Distributed Denial of Detection" (DDoD) — flooding targets with disposable polyglot binaries to overwhelm signature-based detection. Malware families use Slack, Discord, Supabase, and Google Sheets as C2. This is fundamentally different from CyberStrikeAI: that was AI-augmented attacks with existing tools; this is AI-generated attack tools at scale. What to do: Your EDR must shift to behavioral process monitoring. Signature matching is now obsolete for this threat class. Monitor for outbound connections to Slack/Discord/Supabase from unsigned binaries. Bitdefender | The Hacker News
Each link below shares sources, entities, or timing with this story.
Shared entities / Same source / Shared topic / Earlier coverage
Both cover APT36, Bitdefender, Crystal, Discord; cite the same source (The Hacker News); overlapping topics (apt36, binary, bitdefender, call, discord).
OpenClaw supports Slack / Shared entities / Same source domain / What happened next
Linked by a graph relationship (OpenClaw supports Slack); both cover Bitdefender, Discord, The Hacker News; reported by the same outlet (thehackernews.com).
CyberStrikeAI uses DeepSeek / Shared entities / Same source domain / Shared topic / Earlier coverage
Linked by a graph relationship (CyberStrikeAI uses DeepSeek); both cover CyberStrikeAI, The Hacker News; reported by the same outlet (thehackernews.com).