Google Gemini CLI abused as a hacking agent, malware botnet operator
A Russian-speaking threat actor known as "bandcampro" used Google's open-source Gemini CLI AI tool as a hacking agent and to operate a small-scale botnet. [...]
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
A Russian-speaking threat actor known as "bandcampro" used Google's open-source Gemini CLI AI tool as a hacking agent and to operate a small-scale botnet. [...]
JDY botnet scans SOHO/IoT devices globally to map services and targets, especially US military networks. Lumen’s Black Lotus Labs reported the resurgence of the JDY botnet, a covert reconnaissance network tied to Chinese state-sponsored hacking groups including Volt Typhoon. The network was first spotted in late 2023 as a cluster inside KV-botnet. The U.S. government […]
Canadian authorities on Wednesday arrested a 23-year-old Ottawa man on suspicion of building and operating Kimwolf, a fast spreading Internet-of-Things botnet that enslaved millions of devices for use in a series of massive distributed denial-of-service (DDoS) attacks over the past six months. KrebsOnSecurity publicly named the suspect in February 2026 after the accused launched a volley of DDoS, doxing and swatting campaigns against this author and a security researcher. He now faces criminal hacking charges in both Canada and the United States.
The Russian state-sponsored hacking group known as Turla has transformed its custom backdoor Kazuar into a modular peer-to-peer (P2P) botnet that's engineered for stealth and persistent access to compromised hosts
The Campaign Compromises Open-Source Vulnerability to Hack IoT Devices at ScaleSecurity firm CloudSEK has uncovered a botnet campaign that is exploiting the React2Shell vulnerability in the Meta-developed, open-source React framework across a variety of devices since December. The security firm attributed the campaign to RondoDox.
A new large-scale botnet called RondoDox is targeting 56 vulnerabilities in more than 30 distinct devices, including flaws first disclosed during Pwn2Own hacking competitions. [...]
Persistent Attack Grants Remote SSH Access via ExploitSomeone - possibly nation-state hackers - appears to be constructing a botnet from thousands of Asus routers in hacking that survives a firmware patch and reboots. Nearly 9,000 routers have been compromised and the number is growing, say researchers.
Integrity Technology Group Built Botnet for Chinese Hackers, US Treasury SaysThe Department of Treasury blacklisted Integrity Technology Group, declaring transactions with the company to be off-limits for U.S. financial institutions and persons. The effect will likely have more symbolic than actual disruptive effect.
The Chinese state-sponsored hacking group Volt Typhoon has begun to rebuild its "KV-Botnet" malware botnet after it was disrupted by law enforcement in January, according to researchers from SecurityScorecard. [...]
Hackers Using Password Spraying to Steal User Microsoft Account CredentialsMultiple Chinese hacking groups are using a botnet named for a TCP routing port number to conduct password spraying attacks, warned Microsoft Thursday. The Quad7 operators are almost certainly located in China. Botnet activity can be difficult to monitor.
Also: Omni Hack Exposed Customer Data; More Ivanti Vulnerabilities Come to LightThis week, police disrupted the LabHost phishing-as-a-service site, customer data compromised in Omni Hotels hack, more Ivanti vulnerabilities found, Moldovan botnet operator faces U.S. charges, Cisco warned of a data breach in Duo and a Spanish Guardia Civil contractor suffered a ransomware attack.
Also: Omni Hack Exposed Customer Data and More Ivanti VulnerabilitiesThis week, police took down the LabHost phishing-as-a-service site, customer data compromised in Omni Hotels hack, more Ivanti vulnerabilities, a Moldovan botnet operators faces U.S. charges, Cisco warned of data breach in Duo and a Spanish Guardia Civil contractor suffered a ransomware attack.
At least six distinct botnet malware operations are hunting for TP-Link Archer AX21 (AX1800) routers vulnerable to a command injection security issue reported and addressed last year. [...]
APT28 Used Hacked Ubiquiti Routers for Hashed Password Relay AttacksA campaign by Russian military intelligence to convert Ubiquiti routers into a platform for a global cyberespionage operation began as early as 2022, U.S. and foreign intelligence agencies said. The U.S. disrupted a botnet built by a hacking unit of Russian military's Main Intelligence Directorate.
The U.S. government on Wednesday said it took steps to neutralize a botnet comprising hundreds of U.S.-based small office and home office (SOHO) routers hijacked by a China-linked state-sponsored threat actor called Volt Typhoon and blunt the impact posed by the hacking campaign
The Chinese state-sponsored APT hacking group known as Volt Typhoon (Bronze Silhouette) has been linked to a sophisticated botnet named 'KV-botnet' since at least 2022 to attack SOHO routers in high-value targets. [...]
A cryptomining gang known as 8220 Gang has been exploiting Linux and cloud app vulnerabilities to grow their botnet to more than 30,000 infected hosts. [...]
The U.S. Department of Justice has announced the disruption of the Russian RSocks malware botnet used to hijack millions of computers, Android smartphones, and IoT (Internet of Things) devices worldwide for use as proxy servers. [...]
A stealthy and modular malware used to hack into Linux devices and build a DDoS botnet has seen a massive 254% increase in activity during the last six months, as Microsoft revealed today. [...]
"Cyclops Blink" operation disabled firewalls behind the Sandworm hacking team's network of infected victim devices.