Today's session covered Security Note — ComfyUI Exposure Risk (Apr 9, 2026), Rules for our RunPod ComfyUI setup:, Conversation Summary. Here's a summary of what was accomplished and what's still in progress.

• Source: https://thehackernews.com/2026/04/over-1000-exposed-comfyui-instances.html
• 1,000+ exposed ComfyUI instances actively targeted by cryptomining botnet
• Attack vector: unauthenticated internet-exposed ComfyUI + ComfyUI-Manager allows remote code execution via custom nodes
• Payload: XMRig (Monero mining) + lolMiner (Conflux) + Hysteria V2 botnet
• C2 hosted on bulletproof hosting (Aeza Group, Russia)
• NEVER expose ComfyUI port publicly without auth