HackerFeeds

CyberSecurity News

New NadMesh Botnet Hunts Exposed AI Services for Cloud Keys and Kubernetes Tokens

The Hacker News
· July 17, 2026

AI summary

A newly discovered Go botnet, known as NadMesh, has been targeting exposed AI services since early July. The botnet's operator claims to have collected 3,811 unique AWS keys. NadMesh uses a Shodan harvester to identify potential targets, focusing on services such as ComfyUI, Ollama, and Gradio, which are often quickly set up but may not be properly firewalled. These services include image generators, local model runners, and workflow builders. The botnet appears to be searching for cloud keys and Kubernetes tokens. The operator's dashboard provides a counter to track the number of collected keys.

Read the full article at The Hacker Newsthehackernews.com/2026/07/new-nadmesh-botnet-hunts-exposed-ai.html

This is an AI-generated brief aggregated by HackerFeeds for convenience and grounded in the source’s own summary; the related CVE, threat-group and country data is from HackerFeeds’ own indexes. The original article is the authoritative source — all rights belong to The Hacker News.

New NadMesh Botnet Hunts Exposed AI Services for Cloud Keys and Kubernetes Tokens — CyberSecurity News | HackerFeeds