LIVE FEED
HalluSquatting Exploits AI Hallucinations for Botnet RCE

HalluSquatting Exploits AI Hallucinations for Botnet RCE

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 8.5 SecurityWeek

Researchers have demonstrated a novel attack technique called 'HalluSquatting', which weaponises AI hallucinations by registering fake package names that LLMs fabricate, turning them into malware delivery vectors. When developers trust AI-recommended dependencies and install the squatted packages, attackers can achieve remote code execution and potentially recruit victim machines into botnets. The technique represents a significant escalation in the practical exploitation of LLM hallucinations beyond misinformation into active infrastructure compromise.

ComfyUI RCE Exploited in Cryptomining Botnet Campaign

ComfyUI RCE Exploited in Cryptomining Botnet Campaign

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.2 The Hacker News

Threat actors are actively exploiting internet-exposed ComfyUI instances — a popular AI image generation platform — by abusing its custom node execution feature to achieve unauthenticated remote code execution. Over 1,000 publicly accessible instances have been identified as targets, with compromised hosts enrolled in Monero and Conflux cryptomining operations and a Hysteria V2 proxy botnet. The attack highlights critical supply chain and insecure plugin design risks inherent in AI/ML tooling ecosystems.

◉ AI THREAT BRIEFING

Stay ahead of the threat.

Twice-weekly digest of critical AI security developments — every story mapped to MITRE ATLAS and OWASP LLM Top 10. Free.

No spam. Unsubscribe anytime.