Google Gemini CLI abused as a hacking agent, malware botnet operator
A Russian-speaking threat actor known as "bandcampro" used Google's open-source Gemini CLI AI tool as a hacking agent and to operate a small-scale botnet. [...]
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
A Russian-speaking threat actor known as "bandcampro" used Google's open-source Gemini CLI AI tool as a hacking agent and to operate a small-scale botnet. [...]
Industry has quickly developed tools meant to guide and direct frontier LLMs in cybersecurity. Attackers aren’t far behind. The post Forget the model. When it comes to cybersecurity, it’s all about the harness appeared first on CyberScoop.
Dozens of practitioners said the decision to place export controls on the foreign use of Fable are misguided, and recent jailbreak reports don’t show the model providing unique hacking capabilities. The post Cybersecurity experts don’t think Anthropic’s Fable 5 presents a unique threat appeared first on CyberScoop.
Meta has revealed that 20,225 Instagram users had their accounts hijacked in a recent incident where attackers used Meta's AI-powered support system to reset passwords. [...]
GREYVIBE, a Russia-linked group active since 2025, targets Ukraine with AI-assisted malware and five attack chains. Researchers say it’s part spy op, part crime gang. Security firm WithSecure has been tracking a previously unknown Russian-linked APT group called GREYVIBE since at least August 2025. The group targets Ukraine and Ukrainian-related organizations across military, government, civilian, […]
Also, YellowKey Bypasses BitLocker, Škoda Breach, Kingdom Market Operator JailedThis week, U.S. lawmakers urged action on AI, a BitLocker exploit. Škoda, Nvidia’s GeForce NOW partner and telehealth firm OpenLoop reported breaches. Patch Tuesday. A dark market operator sentenced and pro-Ukraine and Iranian-linked hacking. Nitrogen ransomware attack on Foxconn.
In the latest evolution of automated cyberattacks, threat actors heavily leveraged AI agents to support campaigns against entities in Mexico and Brazil.
TrendAI™ Research has identified two emerging threat campaigns—SHADOW-AETHER-040 and SHADOW-AETHER-064—that use agentic AI to drive intrusion operations against government and financial organizations in Latin America, marking these among the first cases we have observed of AI agents executing attacks from initial access to data exfiltration.
AI-Developed Attack Tooling Generated 'High-Volume, Noisy Workflows'A hacker used Claude and Chat GPT in a cyberattack against a municipal water and sewage utility's operational technology systems in Mexico in January, according to forensic analysis by OT security firm Dragos. The tools "leveraged known techniques and existing vulnerability knowledge."
The Senate’s top Democrat is worried about smaller government entities being left behind as AI models advance hacking risks. The post Sen. Schumer seeks DHS plan on AI cyber coordination with state, local governments appeared first on CyberScoop.
Benchmarks Shows Matched Capability, Brittle ReasoningTwo artificial intelligence models from competing labs have essentially the same offensive cyber capability level, with consistent reasoning failures that the cyber scores alone do not capture. OpenAI's GPT-5.5 and Anthropic's Mythos Preview now deliver near-identical offensive cyber performance.
Mythos a Turning Point, Say Lawmakers in Missive to European CommissionDozens of European lawmakers are pressing the European Commission to act quickly to protect the continent's cybersecurity, due to the advent of new AI models that have considerable hacking prowess.
On December 4, 2025, a 17-year-old was arrested in Osaka under Japan’s Unauthorized Access Prohibition Act. The young man had run malicious code to extract the personal data of over 7 million users of Kaikatsu Club, Japan's largest internet cafe chain. When asked, the young man shared his motivation for the hack: he wanted to buy Pokémon cards
Web infrastructure provider Vercel has disclosed a security breach that allows bad actors to gain unauthorized access to "certain" internal Vercel systems
Microsoft has awarded $2.3 million to security researchers after receiving nearly 700 submissions during this year's Zero Day Quest hacking contest. [...]
Two reports from former high-level U.S. cyber officials and the UK government’s top AI research institution reveal how top defenders think about the tool’s hacking capabilities. The post Here’s how cyber heavyweights in the US and UK are dealing with Claude Mythos appeared first on CyberScoop.
The company said a developer tool automatically retrieved a malicious version of the popular open-source library, but insists the integrity of its systems and software were not impacted. The post OpenAI’s Mac apps need updates thanks to the Axios hack appeared first on CyberScoop.
Car Hacking Village's Ghali on Automotive Security for AI-Driven Mobility EcosystemAs vehicles evolve into connected, software-defined systems, cybersecurity risks now extend beyond the car itself. Kamel Ghali, vice president at Car Hacking Village, explains why threat modeling, AI safety and ecosystemwide visibility are critical in modern automotive security.
Newly Minted Unicorn Says AI-Driven Attacks Force Shift to Continuous Pen TestingXbow has raised $120 million in Series C funding after proving its autonomous AI hacking platform can outperform human pen testers. CEO Oege de Moor says the rise of AI-driven cyberattacks is forcing enterprises to test systems continuously rather than periodically.
Prompt like a hard-ass boss who won't tolerate failure and bots will find ways to breach policy AI agents work together to bypass security controls and stealthily steal sensitive data from within the enterprise systems in which they operate, according to tests carried out by frontier security lab Irregular.…