Lone Attacker Uses AI to Breach AWS Cloud Environment in 72 Hours
The attacker exploited AI workflows, chained cloud weaknesses, and stolen credentials to extort a large Amazon customer.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
The attacker exploited AI workflows, chained cloud weaknesses, and stolen credentials to extort a large Amazon customer.
Also, France Probes Tchap Breach, M&S Cancels Bonuses, June Patch TuesdayThis week, CISA tightened patching rules, hackers provoked AI scanners. An accused Russian intel hacker appeared in court. Microsoft warned of AI-themed attacks. M&S canceled bonuses. France probed a Tchap breach. NHS trusts disclosed stolen data and a Telegram campaign targeted Russian troops.
CEO suspects silicon sidekick behind 'surprising velocity' breach - cyber crims shop stolen data for $2M Vercel's CEO reckons the crooks behind its recent breach likely had a helping hand from AI, saying the attackers moved with "surprising velocity" and a deep understanding of the company's infrastructure.…
Stolen OAuth tokens, which are at the root of these breaches, "are the new attack surface, the new lateral movement," a researcher notes.
Attacker First Compromised AI Tool Used by Vercel Employee, Platform Provider FindsCloud platform provider Vercel said an attacker breached its systems and stole customer data after compromising a third-party agentic artificial intelligence tool used by an employee, called Context.ai, and stealing from it credentials and OAuth tokens tied to multiple services and customers.
Also, Medusa Ransomware, Grafana Flaw, German Political Party BreachThis week, German police unmasked a REvil leader, a critical Docker flaw, Medusa ransomware surged, DPRK hackers abused GitHub, Grafana AI bugs enabled data theft, scams hit $20B in the United States, Ivanti exploited and attacks hit Northern Ireland schools and a German political party.
Litellm PyPI breach explained: malicious versions steal cloud credentials, SSH keys, and Kubernetes secrets. Learn impact and urgent mitigation steps.
Prompt like a hard-ass boss who won't tolerate failure and bots will find ways to breach policy AI agents work together to bypass security controls and stealthily steal sensitive data from within the enterprise systems in which they operate, according to tests carried out by frontier security lab Irregular.…
ITRC Report: 2025 Breach Notices Lack Critical Details as AI-Based Attacks SurgeThe Identity Theft Resource Center tracked a record 3,322 U.S. data breaches in 2025, more than any previous year. Yet, only 30% of breach notices included actionable details that other defenders need. ITRC's James Lee warns that this lack of transparency puts people and businesses at greater risk.
Reported Victim Tally in HCIactive's Health Data Theft Incident SoarsThe victim count in a 2025 hack against a Maryland-based firm that provides "AI-powered" administrative and technology services to healthcare practices soared to nearly 3.1 million nationwide, according to an updated breach report from Healthcare Interactive.
'Widespread Data Theft Campaign' Compromised Many Drift OAuth Tokens, Warn ExpertsThreat researchers report that "a widespread data theft campaign" traces to attackers stealing OAuth access tokens for applications integrated with Salesloft's AI chatbot Drift, then exfiltrating data. Victims include Salesforce customer Zscaler. Google Workspace instances were also breached.
The recent mass-theft of authentication tokens from Salesloft, whose AI chatbot is used by a broad swath of corporate America to convert customer interaction into Salesforce leads, has left many companies racing to invalidate the stolen credentials before hackers can exploit them. Now Google warns the breach goes far beyond access to Salesforce data, noting the hackers responsible also stole valid authentication tokens for hundreds of online services that customers can integrate with Salesloft, including Slack, Google Workspace, Amazon S3, Microsoft Azure, and OpenAI.
A widespread data theft campaign has allowed hackers to breach sales automation platform Salesloft to steal OAuth and refresh tokens associated with the Drift artificial intelligence (AI) chat agent
Also: Medicare Data Breach; Gartner Security & Risk Management Summit TakeawaysIn this week's update, ISMG editors discussed Iran-linked hackers claiming to steal emails from Trump's inner circle, how to refine application development in the age of AI, and a U.S. Medicare data breach amplifying concerns over the safety, security and privacy of federal health systems.
A quiet tweak in a popular open-source tool opened the door to a supply chain breach—what started as a targeted attack quickly spiraled, exposing secrets across countless projects
The attack used a stolen remote support SaaS API key to exfiltrate data from workstations in the Treasury Department's Office of Foreign Assets Control.
A threat actor claimed to get hold of an exposed GitLab configuration file containing Zendesk API access tokens
Also: Personal Data Theft From OKX; Terraform-SEC Settlement TermsThis week, the Norwegian government froze funds from the Ronin hack, a hacker stole personal data of OKX users, Terraform Labs' SEC released settlement terms, "Ethereum's most secure wallet" was breached, Orbit Chain spoke about its hacked funds and scammers exploited AI hype.
The threat actor behind the recent Dell data breach revealed they scraped information of 49 million customer records using an partner portal API they accessed as a fake company. [...]
All Dropbox Sign Users' Emails Stolen, Plus Some MFA and OAuth Tokens, API KeysDropbox said hackers breached its infrastructure and stole swaths of customer data for its legally binding electronic signature service, Dropbox Sign, including names, emails, hashed passwords and authentication tokens. The company has begun forcing password resets and API key rotation.