Breaking News – Cyber Threats (last 6h)
Generated: 2026-07-15 13:00 PDT
- TuxBot v3 Evolution Shows Signs of LLM-Assisted IoT Botnet Development
The Hacker News • 2026-07-15 11:43 • thehackernews.com
Cybersecurity researchers have disclosed details of a previously unreported Internet-of-Things (IoT) botnet framework dubbed TuxBot v3 Evolution that shows signs of being developed with assistance from a large language model (LLM), albeit with not so successful results.“While the AI complied with their request to generate botnet code, it included a safety disclaimer that the developer failed
https://thehackernews.com/2026/07/tuxbot-v3-evolution-shows-signs-of-llm.html - Google Gemini CLI abused as a hacking agent, malware botnet operator
BleepingComputer • 2026-07-15 11:33 • www.bleepingcomputer.com
A Russian-speaking threat actor known as “bandcampro” used Google’s open-source Gemini CLI AI tool as a hacking agent and to operate a small-scale botnet. […]
https://www.bleepingcomputer.com/news/security/google-gemini-cli-abused-as-a-hacking-agent-malware-botnet-operator/ - AsyncAPI npm packages infected with credential-stealing malware
BleepingComputer • 2026-07-15 08:37 • www.bleepingcomputer.com
Five malicious versions of AsyncAPI packages were published to the Node Package Manager (npm) in a supply-chain attack that delivered a remote access trojan with info-stealing capabilities. […]
https://www.bleepingcomputer.com/news/security/-asyncapi-npm-packages-infected-with-credential-stealing-malware/ - OkoBot Malware Framework Injects Seed Phrase Phishing Into Ledger and Trezor Apps
The Hacker News • 2026-07-15 08:30 • thehackernews.com
A malware framework called OkoBot has been running on Windows machines since April 2025, and one of its modules is built to con hardware wallet owners out of their recovery phrase.On an infected PC, the request comes from inside the wallet’s own desktop software. Sometimes it waits until you plug the device in first. The page is malicious. The app around it is the real one you installed, and
https://thehackernews.com/2026/07/okobot-malware-framework-injects-seed.html - We built a vulnerability vending machine: AI tokens in, zero-days out
BleepingComputer • 2026-07-15 07:01 • www.bleepingcomputer.com
Intruder built an AI-powered “vulnerability vending machine” that combines code slicing with LLMs to automatically discover complex software vulnerabilities. The company explains how the system found and exploited a previously unknown WordPress plugin zero-day, with additional discoveries already under responsible disclosure. […]
https://www.bleepingcomputer.com/news/security/we-built-a-vulnerability-vending-machine-ai-tokens-in-zero-days-out/
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
