Google Gemini CLI abused as a hacking agent, malware botnet operator
A Russian-speaking threat actor known as "bandcampro" used Google's open-source Gemini CLI AI tool as a hacking agent and to operate a small-scale botnet. [...]
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
A Russian-speaking threat actor known as "bandcampro" used Google's open-source Gemini CLI AI tool as a hacking agent and to operate a small-scale botnet. [...]
Governments Cite Winter Hack of Polish Power Grid and CyberespionageA winter Russian intelligence hack of the Polish energy grid and a protracted campaign of cyberespionage are behind coordinated sanctions against Moscow's intelligence apparatus announced Monday by the European Union and the United Kingdom.
The European Union and the United Kingdom jointly sanctioned dozens of Russian individuals and entities and accused Russia of coordinating a network of hacking groups responsible for attacks across Europe. [...]
Ukraine’s SSU and the FBI Just Confirmed Russian Intelligence Has Been Systematically Hacking Messenger Accounts for Years. The Security Service of Ukraine (SSU), working jointly with the FBI, has formally exposed a sustained Russian intelligence campaign targeting the messaging accounts of government officials, military personnel, politicians, and activists across Ukraine, Europe, and the United States. […]
The Russian state-sponsored threat actor known as Turla has been attributed to a previously undocumented .NET backdoor called STOCKSTAY that has been deployed against government and military organizations in Ukraine, and entities that have an interest in Italian foreign policy
The phone-cracking firm broke off from its deal with Russia, but Citizen Lab said that didn’t stop authorities from surveilling Andrey Pivovarov. The post Russia uses Cellebrite to break into human rights activist’s phone, even after cancellation of contract appeared first on CyberScoop.
Also: Zcash Patches Flaw, $32M Humanity Protocol HackThis week, a key player in a $97M laundering scheme got prison time, Humanity Protocol suffered $32M in losses, Zcash patched a flaw, the EU targeted crypto platforms tied to Russia, authorities froze $3.8M in illicit funds and researchers exposed a Trezor chip weakness.
The Russian hacking group known as Gamaredon has been attributed to the continued exploitation of a WinRAR vulnerability to deliver multiple malware families aimed at data theft and propagation
GREYVIBE, a Russia-linked group active since 2025, targets Ukraine with AI-assisted malware and five attack chains. Researchers say it’s part spy op, part crime gang. Security firm WithSecure has been tracking a previously unknown Russian-linked APT group called GREYVIBE since at least August 2025. The group targets Ukraine and Ukrainian-related organizations across military, government, civilian, […]
Reform UK leader alleges Moscow broke into his phone and leaked £5M gift story, but security specialists await evidence
Hey, Gemini, how much can we earn from one pump-and-dump cycle?
The Russian state-sponsored hacking group known as Turla has transformed its custom backdoor Kazuar into a modular peer-to-peer (P2P) botnet that's engineered for stealth and persistent access to compromised hosts
Suspects accused of distributing malware and selling access to stolen Roblox accounts on Russian marketplaces
Also, Europol Cracks DDoS Networks, Mythos Finds Bugs, France Portal HitThis week, scam compounds. Attackers exploit flaws pre-disclosure. A crackdown on DDoS-for-hire. No Mythos for CISA, yes for Mozilla. France ID portal breach. Israeli and Venezuelan critical infrastructure targeted. Russian hacking in Ukraine. An Apache flaw. A ransomware negotiator aided BlackCat.
Nation-State Hits Now Comprise Majority of Serious Incidents Probed by GovernmentBritish intelligence officials said they investigate about four major incidents per week, with the majority involving nation-state actors. Officials said the shape and scope of how cyberattacks are being wielded by the nation's adversaries continues to change as fast as the technology evolves.
Also, Lloyds Data Leak, Dutch Treasury Breach, Citrix Bug Exploit, Pay2Key ActivityThis week, Lloyds data leak hits 450K, Dutch treasury breach, Citrix flaw exploited, Iran-linked ransomware ops, TrueConf zero-day, Russian fraud ring sentenced, Romania targeted, patch gaps persist, and U.S. hospital breach affects 257K.
Russian police arrested a Taganrog resident believed to be the owner of LeakBase, a major online forum used by cybercriminals to buy and sell stolen data and hacking tools. [...]
The Russian state-sponsored hacking group tracked as APT28 has been observed using a pair of implants dubbed BEARDSHELL and COVENANT to facilitate long‑term surveillance of Ukrainian military personnel
The U.S. Treasury Department has sanctioned a Russian exploit broker who bought stolen hacking tools from a former executive of a U.S. defense contractor. [...]
A previously undocumented threat actor has been attributed to attacks targeting Ukrainian organizations with malware known as CANFAIL