Lone Attacker Uses AI to Breach AWS Cloud Environment in 72 Hours
The attacker exploited AI workflows, chained cloud weaknesses, and stolen credentials to extort a large Amazon customer.
Theft in cybersecurity covers stolen data, credentials, devices, and funds, often creating risks of unauthorized access, fraud, and privacy loss.
Search across headline titles and summaries.
Background for this topic.
Unauthorized taking or copying of information, credentials, intellectual property, or digital assets is cyber theft. News under this tag may involve stolen passwords, payment data, personal information, source code, cloud tokens, cryptocurrency, or sensitive business files. Theft can result from phishing, malware, compromised accounts, insider access, exposed storage, or the loss of an unencrypted device; the relevant issue is the unauthorized acquisition or control of an asset, whether or not the attacker also alters systems.
Security teams should identify where valuable data and credentials are stored, restrict access by role, require strong authentication, encrypt data at rest and in transit, and monitor unusual downloads or transfers. Vulnerability management matters when flaws expose databases, endpoints, or cloud services to unauthorized retrieval. After suspected theft, preserving logs, revoking tokens and credentials, determining what was accessed or copied, and assessing privacy or notification obligations are central to containing the incident and measuring its impact.
Weekly headline count for the current query.
The attacker exploited AI workflows, chained cloud weaknesses, and stolen credentials to extort a large Amazon customer.
A financially motivated operation uses lures of cracked or pirated software to deliver a two-for-one malware combo for data theft and cryptomining.
The phishing campaign uses several tactics, including nested redirects, to evade detection and steal credentials from unsuspecting targets.
Varonis reported the flaw to Google in late 2025 and it has been addressed, but it reminds defenders to take a fresh look at their AI Infrastructure security.
An "agentic threat actor" successfully exploited a Langflow flaw to steal data from a production database server and encrypt other systems.
Adversaries could plant a malicious repository that can execute arbitrary code and steal cloud credentials by exploiting the vulnerability, which showcases growing MCP risk.
More victims have emerged after attackers breached application vendor Klue and used its OAuth tokens to steal customers' Salesforce data.
Threat actors can easily steal one-time passwords sent by text when they conduct a SIM swap attack. This can lead to account takeovers, so users must layer up their security measures.
Klue's Battlecards is now the third integrated application that has been compromised to steal customers' Salesforce data, and victims include Huntress, the cybersecurity vendor.
The critical, three-stage attack is now patched, but it's part of a new group of AI prompt-injection issues that use hidden URLs and other variables.
A major bug in Oracle's ERP software disproportionately affected American universities, and hackers have capitalized by stealing gobs of data.
Two separate campaigns target CVE-2025-8088, fixed last July, to conduct data theft and cyberespionage against military and government targets in Ukraine.
The financially motivated group is combining vishing, IT impersonation, and in-person office intrusions to steal data and extort victims.
Like Shai-Hulud, the campaign targets developers to steal credentials and reuses them to propagate across the software supply channel.
A disabled security setting meant to protect authentication across Android versions of key apps like Word, PowerPoint, and Excel paved the way for attackers to steal logins and data.
China is stealing data from high-value targets via a sneaky, double-layer spear-phishing campaign that includes the Azureveil malware.
The FBI warned that the extortion gang Silent Ransom Group is targeting law firms and social-engineering its way into servers and databases.
In just six hours, the campaign quietly pushed thousands of malicious commits to more than 5,500 GitHub repositories, stealing credentials, developer secrets, and more.
GitHub confirmed a data breach this week involving the theft of thousands of developer code repositories. One threat actor — TeamPCP — took credit.
The now-patched vulnerabilities in the rapidly growing AI agent framework allow attackers to steal credentials, escalate privileges, and maintain persistence.