Categories Breaking News

Breaking News – Cyber Threats – 2026-07-15 13:00 PDT

Breaking News – Cyber Threats (last 6h)

Generated: 2026-07-15 13:00 PDT

  • TuxBot v3 Evolution Shows Signs of LLM-Assisted IoT Botnet Development
    The Hacker News • 2026-07-15 11:43 • thehackernews.com
    Cybersecurity researchers have disclosed details of a previously unreported Internet-of-Things (IoT) botnet framework dubbed TuxBot v3 Evolution that shows signs of being developed with assistance from a large language model (LLM), albeit with not so successful results.

    “While the AI complied with their request to generate botnet code, it included a safety disclaimer that the developer failed
    https://thehackernews.com/2026/07/tuxbot-v3-evolution-shows-signs-of-llm.html

  • Google Gemini CLI abused as a hacking agent, malware botnet operator
    BleepingComputer • 2026-07-15 11:33 • www.bleepingcomputer.com
    A Russian-speaking threat actor known as “bandcampro” used Google’s open-source Gemini CLI AI tool as a hacking agent and to operate a small-scale botnet. […]
    https://www.bleepingcomputer.com/news/security/google-gemini-cli-abused-as-a-hacking-agent-malware-botnet-operator/
  • AsyncAPI npm packages infected with credential-stealing malware
    BleepingComputer • 2026-07-15 08:37 • www.bleepingcomputer.com
    Five malicious versions of AsyncAPI packages were published to the Node Package Manager (npm) in a supply-chain attack that delivered a remote access trojan with info-stealing capabilities. […]
    https://www.bleepingcomputer.com/news/security/-asyncapi-npm-packages-infected-with-credential-stealing-malware/
  • OkoBot Malware Framework Injects Seed Phrase Phishing Into Ledger and Trezor Apps
    The Hacker News • 2026-07-15 08:30 • thehackernews.com
    A malware framework called OkoBot has been running on Windows machines since April 2025, and one of its modules is built to con hardware wallet owners out of their recovery phrase.

    On an infected PC, the request comes from inside the wallet’s own desktop software. Sometimes it waits until you plug the device in first. The page is malicious. The app around it is the real one you installed, and
    https://thehackernews.com/2026/07/okobot-malware-framework-injects-seed.html

  • We built a vulnerability vending machine: AI tokens in, zero-days out
    BleepingComputer • 2026-07-15 07:01 • www.bleepingcomputer.com
    Intruder built an AI-powered “vulnerability vending machine” that combines code slicing with LLMs to automatically discover complex software vulnerabilities. The company explains how the system found and exploited a previously unknown WordPress plugin zero-day, with additional discoveries already under responsible disclosure. […]
    https://www.bleepingcomputer.com/news/security/we-built-a-vulnerability-vending-machine-ai-tokens-in-zero-days-out/

Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.

Written By

More From Author

You May Also Like