Amazon Q flaw let booby-trapped Git repos execute code, swipe cloud creds
Researchers warn many AI coding assistants now execute commands from project configurations
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Researchers warn many AI coding assistants now execute commands from project configurations
Microsoft has awarded $2.3 million to security researchers after receiving nearly 700 submissions during this year's Zero Day Quest hacking contest. [...]
Palo Alto Networks researchers show how attackers could exploit AI agents on Google's Vertex AI to steal data and break into restricted cloud infrastructure.
Cybersecurity researchers have disclosed a security "blind spot" in Google Cloud's Vertex AI platform that could allow artificial intelligence (AI) agents to be weaponized by an attacker to gain unauthorized access to sensitive data and compromise an organization's cloud environment
451 Research's Kennedy on How Skills Gap, Tool Sprawl Intensify Cloud Security RiskCloud security and gen AI governance are stretching security teams thin, warned Daniel Kennedy, principal research analyst at 451 Research, S&P Global Market Intelligence. Organizations now manage several cloud environments at once - each adding new risk and increasing the burden on security teams.
New research has found that Google Cloud API keys, typically designated as project identifiers for billing purposes, could be abused to authenticate to sensitive Gemini endpoints and access private data
Security news rarely moves in a straight line. This week, it feels more like a series of sharp turns, some happening quietly in the background, others playing out in public view. The details are different, but the pressure points are familiar
This week didn’t produce one big headline. It produced many small signals — the kind that quietly shape what attacks will look like next
LLMs automated most phases of the attack A digital intruder broke into an AWS cloud environment and in just under 10 minutes went from initial access to administrative privileges, thanks to an AI speed assist.…
A new joint investigation by SentinelOne SentinelLABS, and Censys has revealed that the open-source artificial intelligence (AI) deployment has created a vast "unmanaged, publicly accessible layer of AI compute infrastructure" that spans 175,000 unique Ollama hosts across 130 countries
AI + skilled malware developers = security threat VoidLink, the newly spotted Linux malware that targets victims' clouds with 37 evil plugins, was generated "almost entirely by artificial intelligence" and likely developed by just one person, according to the research team that discovered the do-it-all implant.…
Researchers found the popular model context protocol (MCP) servers, which are integral components of AI services, carry serious vulnerabilities.
Also: Turning AI Data Into AI Defense, Autonomous Border Patrol RobotsIn this week's panel, four ISMG editors discussed how basic security failures are still opening the door to major breaches, how researchers are rethinking data protection in the age of AI and the implications of robots with artificial intelligence patrolling national borders.
A new hacking competition called Zeroday Cloud, focused on open-source cloud and AI tools, announced a total prize pool of $4.5 million in bug bounties for researchers that submit exploits for various targets. [...]
Cybersecurity researchers have disclosed three now-patched security vulnerabilities impacting Google's Gemini artificial intelligence (AI) assistant that, if successfully exploited, could have exposed users to major privacy risks and data theft
Trend™ Research’s analysis of Wondershare RepairIt reveals how the AI-driven app exposed sensitive user data due to unsecure cloud storage practices and hardcoded credentials, creating risks of model tampering and supply chain attacks.
Cybersecurity researchers have uncovered a jailbreak technique to bypass ethical guardrails erected by OpenAI in its latest large language model (LLM) GPT-5 and produce illicit instructions
Cybersecurity researchers have disclosed a critical container escape vulnerability in the NVIDIA Container Toolkit that could pose a severe threat to managed AI cloud services
JFrog uncovers multi-stage malware harvesting cloud secretsMulti-stage malware embedded in a Python package is stealing sensitive cloud infrastructure data, JFrog researchers said Monday. The package steals credentials, configuration files, API tokens and other data from corporate cloud environments. It targets developers using the Chimera sandbox platform.
Just an FYI, like Generative AI assistants packaged up as browser extensions harvest personal data with minimal safeguards, researchers warn.…