Researchers Find 175,000 Publicly Exposed Ollama AI Servers Across 130 Countries

The Hacker News

Overview

A recent investigation by SentinelOne SentinelLABS and Censys uncovered 175,000 publicly accessible Ollama AI servers spread across 130 countries. These servers, a product of open-source AI deployment, are found in both cloud environments and residential networks. Their exposure poses significant security risks because they operate without proper management or oversight. Malicious actors could exploit this unmanaged infrastructure for various purposes, including data breaches or launching attacks. Companies and users relying on these servers should take immediate action to secure their systems and limit exposure to potential threats.

Key Takeaways

  • Affected Systems: Ollama AI servers
  • Action Required: Organizations should secure their AI servers by implementing access controls, monitoring network traffic, and ensuring proper configurations are in place to limit exposure.
  • Timeline: Newly disclosed

Original Article Summary

A new joint investigation by SentinelOne SentinelLABS and Censys has revealed that open-source artificial intelligence (AI) deployment has created a vast "unmanaged, publicly accessible layer of AI compute infrastructure" that spans 175,000 unique Ollama hosts across 130 countries. These systems, which span both cloud and residential networks across the world, operate outside the

Exploitation Status

The exploitation status is currently unknown. Monitor vendor advisories and security bulletins for updates.
