Malefactors are actively attacking internet-facing Ray clusters and abusing the open source AI framework to spread a self-replicating botnet that mines for cryptocurrency, steals data, and launches distributed denial of service (DDoS) attacks. Oligo Security bug hunters say the ongoing campaign, which they’ve named ShadowRay 2.0, has been active since at least September 2024.

Source: The Register