Google Gemini CLI abused as a hacking agent, malware botnet operator
A Russian-speaking threat actor known as "bandcampro" used Google's open-source Gemini CLI AI tool as a hacking agent and to operate a small-scale botnet. [...]
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
A Russian-speaking threat actor known as "bandcampro" used Google's open-source Gemini CLI AI tool as a hacking agent and to operate a small-scale botnet. [...]
A previously undocumented threat actor has been attributed to attacks targeting Ukrainian organizations with malware known as CANFAIL
A new malware attributed to the Russia-linked hacking group known as COLDRIVER has undergone numerous developmental iterations since May 2025, suggesting an increased "operations tempo" from the threat actor
Since the start of the year, the Russian state-backed ColdRiver hacking group has been using new LostKeys malware to steal files in espionage attacks targeting Western governments, journalists, think tanks, and non-governmental organizations. [...]
Just in time for the US election season, one of the Kremlin's favorite hack-and-leak spy groups — Star Blizzard — has developed its very first custom backdoor.
'Coldriver' Has Been Sending Backdoors Embedded in PDFs Since November 2022A Russian domestic intelligence agency hacking group known for long-lasting logon credential phishing campaigns against Western targets is now deploying malware embedded into PDFs, say security researchers from Google. "Coldriver" is using a family of backdoors Google dubs Spica.
Google says the ColdRiver Russian-backed hacking group is pushing previously unknown backdoor malware using payloads masquerading as a PDF decryption tool. [...]