VulnHub

Real-time Cybersecurity News

Honeypots detect threat actors mass scanning LLM infrastructure

SCM feed for Latest
Actively Exploited
Exploit

Overview

Researchers from GreyNoise have reported that their honeypots recorded over 80,000 sessions targeting large language model (LLM) endpoints in just 11 days. These sessions indicate that threat actors are actively scanning for vulnerabilities in LLM infrastructure, which could lead to potential exploitation. The spike in scanning activity raises concerns about the security of systems that utilize LLM technology, as attackers may be seeking to exploit weaknesses for malicious purposes. Companies and organizations using LLMs need to be vigilant and ensure their systems are secure against such probing activities. This incident highlights the growing interest from cybercriminals in exploiting AI technologies.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Large Language Models (LLMs) and associated infrastructure
  • Action Required: Organizations should review their security measures for LLM endpoints, implement rate limiting, and monitor for unusual scanning activity.
  • Timeline: Ongoing since the last 11 days

Original Article Summary

GreyNoise honeypots captured more than 80,000 sessions probing LLM endpoints over the last 11 days.

Impact

Large Language Models (LLMs) and associated infrastructure

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Ongoing since the last 11 days

Remediation

Organizations should review their security measures for LLM endpoints, implement rate limiting, and monitor for unusual scanning activity.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Exploit.

Read Original Article

Related Coverage

The US NSA is using Anthropic’s Claude Mythos despite supply chain risk

Security Affairs

The National Security Agency (NSA) is reportedly using Anthropic's Claude Mythos AI model, despite warnings from the Department of Defense about potential supply chain risks. This situation raises concerns about the balance between utilizing AI for defense purposes and the inherent risks that come with integrating third-party technology. The NSA's decision blurs the lines between AI as a necessary tool for national security and the vulnerabilities that can arise from dependency on external software. As AI continues to evolve, this case illustrates the challenges faced by government agencies in ensuring the security of their technological tools while also leveraging their capabilities. The implications of such decisions may affect various sectors, particularly in how AI is adopted in sensitive environments.

Apr 21, 2026

$290 Million Kelp DAO Crypto Heist Blamed on North Korea

SecurityWeek

A significant crypto heist has taken place, resulting in a loss of approximately $290 million from Kelp DAO. The attack is attributed to North Korean hackers who exploited vulnerabilities in LayerZero’s DVN by compromising specific Remote Procedure Calls (RPCs) and launching Distributed Denial of Service (DDoS) attacks on others. This strategy forced the system to switch over to compromised infrastructure, allowing the attackers to siphon off funds. This incident raises alarms within the cryptocurrency community, highlighting the ongoing threat posed by state-sponsored hackers and the need for enhanced security measures in decentralized finance. As crypto continues to grow, incidents like this can undermine user trust and have broader implications for the market.

Apr 21, 2026

Mythos can find the vulnerability. It can’t tell you what to do about it.

CyberScoop

Anthropic has introduced a new model called Mythos that can identify vulnerabilities in software more quickly and at a lower cost than previous methods. While this capability could benefit developers and security teams by streamlining the detection of weaknesses in their systems, it does not provide guidance on how to fix these vulnerabilities. This gap means that even though vulnerabilities can be found faster, organizations still face challenges in addressing them effectively. The ongoing struggle to remediate identified issues remains a significant hurdle in cybersecurity. As companies adopt such tools, they need to ensure they have the expertise and processes in place to address vulnerabilities once they are discovered.

Apr 21, 2026

Vercel Confirms Cyber Incident After Sophisticated Attacker Exploits Third‑Party Tool

Infosecurity Magazine

Vercel, a cloud app developer, has confirmed that it faced a security breach due to a sophisticated attack that exploited a third-party tool. The details surrounding the breach remain limited, but it raises concerns regarding the safety of applications built on Vercel's platform. Users and developers relying on Vercel for their cloud services should be vigilant, as this incident highlights potential vulnerabilities in third-party integrations. The company is likely working to assess the full impact of the breach and implement necessary security measures to prevent future incidents. This situation serves as a reminder for all companies to review their security practices, especially when using external tools and services.

Apr 21, 2026

NGate Android malware uses HandyPay NFC app to steal card data

BleepingComputer

A new variant of the NGate malware is targeting Android users by disguising itself within a trojanized version of HandyPay, a legitimate mobile payment app. This malware is designed to steal NFC payment data, posing a significant risk to users who rely on their smartphones for transactions. By embedding itself in a trusted application, attackers are increasing the chances that unsuspecting users will download and use the malicious version. Users of Android devices should be cautious about installing apps from unofficial sources and ensure they are using the latest security updates to protect their sensitive financial information. The implications of this malware are serious, as it could lead to unauthorized transactions and financial loss for those affected.

Apr 21, 2026

North Korean Blamed for $290m KelpDAO Crypto Heist

Infosecurity Magazine

North Korea's Lazarus Group has been implicated in a significant cyber theft involving KelpDAO, a decentralized finance platform, with losses estimated at $290 million. This incident marks another high-profile attack linked to the notorious group, known for its involvement in various cybercrimes, including cryptocurrency thefts. KelpDAO is now facing the repercussions of this breach, which impacts not only its operations but also the broader crypto community concerned about security. The attack raises alarms about the vulnerability of decentralized finance platforms to state-sponsored hacking, emphasizing the need for enhanced security measures across the industry. As the investigation unfolds, it is crucial for crypto users and platforms to remain vigilant against such threats.

Apr 21, 2026