ShellCodeX
Tools • Events • News • Insights
ShellCodeX Intelligence Brief
CRITICAL Cybersecurity

NadMesh Go botnet probes exposed AI apps for cloud keys and K8s tokens

Source headline: New NadMesh Botnet Hunts Exposed AI Services for Cloud Keys and Kubernetes Tokens

Threat level Critical
Signal strength 80/100
Source confidence 1 source
Published 1 day ago

Intelligence Summary

A Go-based botnet, NadMesh, has been observed scanning the internet for exposed AI services. The campaign targets endpoints that may leak access to cloud credentials, including AWS keys, and Kubernetes tokens. An accompanying dashboard claimed thousands of unique AWS keys tied to the operator’s findings. The botnet reportedly uses a Shodan-driven harvesting approach to keep the scan queue populated. Organizations running AI tools such as ComfyUI, Ollama, n8n, Open WebUI, Langflow, and Gradio should review public exposure and tighten access controls.

Recommended Action

Prioritize immediate review, validate exposure, and patch or mitigate affected systems.

Topics

#botnet #cloud-credentials #exposed-ai-services #kubernetes-tokens #nadmesh #shodan
Original reporting The Hacker News New NadMesh Botnet Hunts Exposed AI Services for Cloud Keys and Kubernetes Tokens
Open original source