Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
NadMesh Botnet Exploits AI Services for Cloud Credentials

NadMesh Botnet Exploits AI Services for Cloud Credentials

Posted on July 17, 2026 By CWS

The NadMesh botnet, which emerged in early July, has been actively targeting exposed AI services to extract valuable cloud credentials and Kubernetes tokens. According to a report by QiAnXin’s XLab, the botnet’s dashboard indicates the collection of 3,811 unique AWS keys, raising concerns about the security of AI services.

Botnet Activity and Targeted Services

Utilizing a Shodan harvester, the NadMesh botnet continuously scans for AI services like ComfyUI, Ollama, n8n, Open WebUI, Langflow, and Gradio. These services, often quickly deployed and inadequately secured, offer an attractive target for cybercriminals. The botnet’s data collection includes 47 credential hauls and 41 model inventories, indicating an expansive reach beyond mere service exploitation.

Insights from XLab’s Report

XLab’s analysis of the NadMesh botnet reveals discrepancies in the operator’s dashboard metrics, with a total of 17,700 deployments recorded against a claim of 95,700 in a single day. The report highlights the botnet’s focus on obtaining cloud keys, Kubernetes privileges, and other sensitive data from configuration files.

Interestingly, the botnet prioritizes exploiting MCP services over Kubernetes and Docker APIs, employing a JSON-RPC call to execute commands. Despite the absence of a CVE for this vulnerability, the report underscores the risk posed by unsecured MCP deployments.

Preventive Measures and Future Outlook

To mitigate the threat posed by NadMesh, it is crucial to secure exposed services and ensure robust authentication mechanisms are in place. Key recommendations include restricting public access to Docker APIs, Jenkins consoles, and other admin functionalities. Additionally, regular patching and monitoring of network activity can help detect and prevent unauthorized access.

As cyber threats evolve, organizations must remain vigilant and proactive in securing their infrastructure. The NadMesh botnet serves as a stark reminder of the need for comprehensive cybersecurity strategies to protect against sophisticated attacks targeting AI and cloud-based services.

Overall, while NadMesh continues to probe and exploit vulnerabilities, understanding its tactics can equip organizations with the knowledge to bolster their defenses and safeguard critical assets.

The Hacker News Tags:AI services, AWS keys, Botnet, cloud credentials, cyber attacks, Cybersecurity, Docker, exposed services, internet security, Jenkins, Kubernetes, Malware, NadMesh, security threats, XLab report

Post navigation

Previous Post: GPT-5.6 Codex: File Deletion Issue Sparks Security Concerns
Next Post: GoldenEyeDog Group Implicated in DigiCert Security Breach

Related Posts

Researcher Found Flaw to Discover Phone Numbers Linked to Any Google Account Researcher Found Flaw to Discover Phone Numbers Linked to Any Google Account The Hacker News
Iranian Hacker Pleads Guilty in  Million Robbinhood Ransomware Attack on Baltimore Iranian Hacker Pleads Guilty in $19 Million Robbinhood Ransomware Attack on Baltimore The Hacker News
PhantomCore Exploits Russian Video Conferencing Software PhantomCore Exploits Russian Video Conferencing Software The Hacker News
[Webinar] Shadow AI Agents Multiply Fast — Learn How to Detect and Control Them [Webinar] Shadow AI Agents Multiply Fast — Learn How to Detect and Control Them The Hacker News
Firewall Flaws, AI-Built Malware, Browser Traps, Critical CVEs & More Firewall Flaws, AI-Built Malware, Browser Traps, Critical CVEs & More The Hacker News
Microsoft Links Ongoing SharePoint Exploits to Three Chinese Hacker Groups Microsoft Links Ongoing SharePoint Exploits to Three Chinese Hacker Groups The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Ransomware Disrupts Fairlife Production in U.S.
  • GoldenEyeDog Group Implicated in DigiCert Security Breach
  • NadMesh Botnet Exploits AI Services for Cloud Credentials
  • GPT-5.6 Codex: File Deletion Issue Sparks Security Concerns
  • Armenia Holds Russian Tourist in Extradition Dispute

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Ransomware Disrupts Fairlife Production in U.S.
  • GoldenEyeDog Group Implicated in DigiCert Security Breach
  • NadMesh Botnet Exploits AI Services for Cloud Credentials
  • GPT-5.6 Codex: File Deletion Issue Sparks Security Concerns
  • Armenia Holds Russian Tourist in Extradition Dispute

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark