Google Gemini CLI abused as a hacking agent, malware botnet operator
A Russian-speaking threat actor known as "bandcampro" used Google's open-source Gemini CLI AI tool as a hacking agent and to operate a small-scale botnet. [...]
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
A Russian-speaking threat actor known as "bandcampro" used Google's open-source Gemini CLI AI tool as a hacking agent and to operate a small-scale botnet. [...]
Cybersecurity researchers have flagged a new macOS information stealer called PamStealer that employs a series of clever tricks to infect systems and siphon sensitive data
Chinese-speaking APT CL-STA-1062 targeted Southeast Asian government and energy networks open-source tools, and a new TinyRCT backdoor. Palo Alto Networks Unit 42 researchers published a detailed report on a Chinese-speaking threat actor, tracked as CL-STA-1062, that has been running persistent operations across East Asia since at least March 2022 and shifted focus to Southeast Asian […]
A study by the University of Toronto shows how artificial intelligence can power autonomous worms capable of tailoring attacks against Windows, Linux and IoT devices. A group of researchers from the University of Toronto has demonstrated how open-source artificial intelligence models can be used to create a new category of computer worms capable of autonomously […]
Cybersecurity researchers have flagged a large-scale operation that impersonates open-source and freeware projects to funnel unsuspecting users through a Traffic Distribution System (TDS) and deliver malware families like Remus Stealer, AnimateClipper, and the SessionGate framework
CrowdStrike has dismantled the Glassworm botnet in an operation aided by Google and Shadowserver, stripping the operators’ access to infrastructure that helped threat actors infect hundreds of pieces of open-source software with malware since early 2025, the company said Tuesday. The coordinated effort involved the simultaneous takedown of four attacker-controlled servers that were designed to […] The post CrowdStrike disrupts Glassworm botnet that preyed on open-source supply chain appeared first on CyberScoop.
Acting director Nick Andersen’s comments came as a wave of malware attacks hit tech that’s publicly available for collaboration. The post CISA chief frets about open-source vulnerabilities, delayed security improvements appeared first on CyberScoop.
Another malware wave is washing through open-source software repos, stealing publishing tokens, installing OS‑level backdoors and persisting in developer tools and CI pipelines. The post Mini Shai-Hulud returns, compromising hundreds of npm packages appeared first on CyberScoop.
A suspected China-linked threat actor targeted the Indian branch of a global manufacturer leveraging an open source offensive toolkit
The campaign hit major registries and hid behind legitimate-looking release signatures, showing how attackers can weaponize the software update process itself. The post ‘Mini Shai-Hulud’ malware compromises hundreds of open-source packages in sprawling supply-chain attack appeared first on CyberScoop.
Hundreds of packages across npm and PyPI have been compromised in a new Shai-Hulud supply-chain campaign delivering credential-stealing malware targeting developers. [...]
Our research on Void Dokkaebi’s operations uncovered a campaign that turns infected developer repositories into malware delivery channels. By spreading through trusted workflows, organizational codebases, and open-source projects, the threat can scale from a single compromise to a broader supply chain risk.
Google Sites lure leads to bogus root certificate Imagine getting asked to do something by a person in authority. An unknown malware slinger targeting open source software developers via Slack impersonated a real Linux Foundation official and used pages hosted on Google.com to steal developers' credentials and take over their systems.…
Time to start dropping SBOMs FEATURE Two supply chain attacks in March infected open source tools with malware and used this access to steal secrets from tens of thousands – if not more – organizations. We won't know the full blast radius for months.…
A new info-stealing malware named Infinity Stealer is targeting macOS systems with a Python payload packaged as an executable using the open-source Nuitka compiler. [...]
Crims 'creating a snowball effect' across open source projects RSAC 2026 Thousands of organizations' cloud environments have been infected with secret-stealing malware as a result of the Trivy supply-chain attack last week, and now the crims that compromised the open source scanners are working with notorious extortion crews like Lapsus$.…
Python interface for LLMs infected with malware via polluted CI/CD pipeline Two versions of LiteLLM, an open source interface for accessing multiple large language models, have been removed from the Python Package Index (PyPI) following a supply chain attack that injected them with malicious credential-stealing code.…
Trivy, a popular open-source vulnerability scanner maintained by Aqua Security, was compromised a second time within the span of a month to deliver malware capable of stealing sensitive CI/CD secrets
The LeakNet ransomware gang is now using the ClickFix technique for initial access into corporate environments and deploys a malware loader based on the open-source Deno runtime for JavaScript and TypeScript. [...]
An undefined Chinese-speaking actor wields a combo of custom malware, open source tools, and LOTL binaries against Windows and Linux, likely for spying.