How a botnet abused my open source project's cloud version to phish 14,000 people
By Andrej Acevski
Summary
The author, who runs an open source project management tool called Kaneo, discovered that a botnet had abused the hosted cloud version of their software to send phishing emails to 14,000 people. After receiving a quota exhaustion notice from Resend (their email provider), they investigated and found fake workspaces created by scammers using the tool's email functionality for phishing campaigns. The article details the investigation, cleanup process, and lessons learned about the responsibilities of running cloud services for unknown users.
Key quotes
My sending quota for cloud.kaneo.app was exhausted. I had not sent anything in days.
Last weekend someone else found it.
What I found, what I cleaned up, and what it taught me about running cloud on behalf of people I've never met.
The new workspaces looked like this: 🔒Paul Brown from BANKING OPERATION
