Over 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet Campaign
highnews
security
Source: The Hacker NewsApril 7, 2026
Summary
Attackers are targeting over 1,000 publicly accessible ComfyUI instances (a platform for running AI image generation) with an automated scanner that exploits a misconfiguration allowing unauthenticated remote code execution (the ability to run commands on a system without permission). Once compromised, these systems are enrolled in botnets (networks of infected computers controlled remotely) to mine cryptocurrency and serve as proxies.
Classification
Attack Type
Supply Chain
Attack SophisticationAdvanced
Impact (CIA+S)
integrityavailability
Affected Vendors
Related Issues
Monthly digest — independent AI security research
Original source: https://thehackernews.com/2026/04/over-1000-exposed-comfyui-instances.html
First tracked: April 7, 2026 at 02:01 PM
Classified by LLM (prompt v3) · confidence: 92%