Several LLMs have been attacked in a large-scale cybercrime campaign.

Operation Bizarre Bazaar is a large‑scale cybercriminal campaign hijacking exposed LLM and MCP endpoints to resell API access, exfiltrate data, and facilitate lateral movement. Threat actors use automated scanning, validation services tied to silver.inc, and a marketplace offering access to more than 30 compromised LLMs. Over 35,000 attack sessions have been recorded, mainly targeting misconfigured or unauthenticated AI endpoints such as exposed APIs and open development environments. The campaign is attributed to a threat actor known as Hecker, operating a broad AI‑abuse ecosystem.

Read more:

https://www.securityweek.com/llms-hijacked-monetized-in-operation-bizarre-bazaar/