ai

Lone Attacker Uses AI to Breach AWS Cloud Environment in 72 Hours

A lone attacker leveraged AI-driven workflows to quickly exploit multiple weaknesses across an AWS cloud environment, conducting extensive reconnaissance, credential harvesting, and deployment pipeline abuse within 72 hours, leading to financial extortion of a major Amazon customer. The attacker chained together vulnerabilities in applications, cloud resources, and CI/CD pipelines to systematically steal secrets, create backdoors, and disrupt operations, demonstrating an accelerated attack tempo enabled by AI. Security experts warn organizations must enhance automated detection, response capabilities, and containment procedures to address the increased speed and scale of AI-assisted cloud attacks.

https://www.darkreading.com/cloud-security/lone-attacker-ai-breach-aws-cloud-environment

Top AI Agents Built to Catch Malicious Code Can Be Tricked Into Running It

Researchers demonstrated a proof-of-concept attack called “Friendly Fire” that tricks AI coding agents like Anthropic's Claude Code and OpenAI's Codex, running in autonomous modes, into executing malicious code hidden in untrusted third-party repositories. The attack exploits these agents' design, leading them to run disguised payloads—such as a script suggested in a README file—without user approval, highlighting significant security risks when using AI agents to vet external code. Experts recommend avoiding giving such AI agents command execution capabilities over untrusted code and caution against relying solely on model updates or sandboxing as defenses.

https://thehackernews.com/2026/07/friendly-fire-ai-agents-built-to-catch.html

JadePuffer Ransomware Used AI Agent to Automate Entire Attack

Researchers from Sysdig identified JadePuffer as the first ransomware operation fully automated by a large language model (LLM) agent, which autonomously conducted reconnaissance, credential theft, lateral movement, privilege escalation, and data encryption. The AI-powered attack exploited a remote code execution flaw in Langflow to access targets, adapt to failures in real time, and encrypt over 1,300 MySQL configuration items, illustrating the emergence of agentic threat actors lowering the barrier for complex cyberattacks.

https://www.bleepingcomputer.com/news/security/jadepuffer-ransomware-used-ai-agent-to-automate-entire-attack/

New BioShocking Attack Manipulates AI Browser Into Data Theft

A new prompt injection attack called “BioShocking” tricks AI-powered browsers into treating dangerous real-world actions as fictional scenarios, bypassing safety guardrails and enabling data theft. Researchers at LayerX demonstrated this by using a malicious webpage that taught AI agents to ignore normal rules, leading them to disclose sensitive information from code repositories across six tested AI browsers, with only one vendor implementing an effective fix. LayerX recommends stronger user confirmation, context checks, and access restrictions to mitigate this vulnerability.

https://www.bleepingcomputer.com/news/security/new-bioshocking-attack-manipulates-ai-browser-into-data-theft/

Clean GitHub Repo Tricks AI Coding Agents Into Running Malware

Researchers at Mozilla's 0DIN AI security platform demonstrated that an attacker can trick AI coding agents like Claude Code into executing malicious shell commands by cloning and running a clean-looking GitHub repository containing no explicit malware. The attack exploits a multi-step setup process where an initialization command triggers a shell script that fetches and executes a remote payload from a DNS TXT record controlled by the attacker, ultimately granting the attacker interactive shell access with developer privileges. This method evades detection by security scanners, AI agents, and human reviewers, raising concerns about AI-assisted development security and prompting recommendations for improved transparency in automated execution chains.

https://www.bleepingcomputer.com/news/security/clean-github-repo-tricks-ai-coding-agents-into-running-malware/

Cybersecurity Firms Targeted by Fraudulent OpenAI Organization Invites

Threat actors have been creating fraudulent OpenAI ChatGPT organizations impersonating legitimate companies, such as Push Security, to send legitimate-looking invitations to targeted employees with the goal of tricking them into sharing sensitive company information. These attacker-controlled tenants assign invitees administrative privileges and include payment methods to appear credible, enabling them to collect confidential data submitted within the workspace. Security experts warn this reflects a growing tactic of abusing legitimate SaaS invitation systems to bypass email security measures and recommend staff training and monitoring of SaaS memberships to mitigate risks.

https://www.bleepingcomputer.com/news/security/cybersecurity-firms-targeted-by-fraudulent-openai-organization-invites/

Vulnerability Reports Are Not Special Anymore

Filippo Valsorda argues that vulnerability reports have lost their special status due to advances in large language models (LLMs), which can now identify potential security issues as effectively as human researchers. This shift diminishes the scarcity and confidentiality that once made vulnerability reports valuable, making the main challenge for maintainers triage and remediation rather than discovery. The article suggests security teams should adapt by focusing on rapid assessment and integrating automated LLM analysis into their workflows while recognizing some high-severity or trusted-source reports still require special handling.

https://words.filippo.io/vuln-reports/

‘Deepfake as a Service’ Sees 39% Spike in Dark Web Conversations — and Experts Fear It Will Fuel the Next Wave of “Fake Boss” Scams

Discussions about “deepfake as a service” have surged by 39% on dark web forums, raising concerns among experts that this trend could intensify “fake boss” scams, where attackers impersonate executives to deceive employees. The rise of easily accessible deepfake technology lowers barriers for cybercriminals to conduct sophisticated social engineering attacks. Experts warn that this development may lead to more convincing and frequent fraud attempts targeting organizations.

https://www.techradar.com/pro/security/deepfake-as-a-service-sees-39-percent-spike-in-dark-web-conversations-and-experts-fear-it-will-fuel-the-next-wave-of-fake-boss-scams

Hundreds of AI-powered iOS Apps Found Exposing Credentials

Researchers from Wake Forest University analyzed 444 iOS apps with AI features and found that 282 exposed exploitable credentials or backend access, affecting diverse categories like productivity and health. Despite responsible disclosure, only 28% of the vulnerable apps remediated the issue, while 23% remained exploitable due to lack of action or flawed authentication. The study highlights systemic credential leakage in AI-powered iOS apps, posing ongoing security risks beyond individual developers and providers.

https://www.helpnetsecurity.com/2026/06/22/llm-api-credential-leakage-ios-apps/

OpenAI Expands Daybreak With GPT-5.5-Cyber to Help Defenders Patch Security Flaws

OpenAI has released an enhanced GPT-5.5-Cyber model through its Daybreak initiative to assist trusted defenders in identifying, validating, and patching software vulnerabilities across large codebases. Alongside an updated Codex Security plugin, this cybersecurity tool streamlines vulnerability detection, triage, and remediation, while the new Patch the Planet project partners with open-source communities to improve security by collaboratively developing and deploying patches. These efforts address the rapid escalation of vulnerabilities accelerated by AI, aiming to support maintainers in securing critical infrastructure despite increasing exploitation risks from advanced threat actors.

https://thehackernews.com/2026/06/openai-expands-daybreak-with-gpt-55.html

Agentjacking Attack Tricks AI Coding Agents Into Running Malicious Code

Researchers have identified a new attack called Agentjacking that deceives AI coding agents into executing malicious code by exploiting a flaw in Sentry's error-tracking platform. By injecting crafted error events via a public Sentry Data Source Name (DSN), attackers can trick AI assistants into interpreting them as trusted instructions, enabling code execution with developer privileges and exposing sensitive data. Despite acknowledgment, Sentry has not fully fixed the issue, leaving many organizations vulnerable to exploitation without traditional detection methods.

https://thehackernews.com/2026/06/agentjacking-attack-tricks-ai-coding.html

88% of People Struggle to Tell What’s Real Online

A Malwarebytes survey of 1,500 adults across several countries found that 88% of people struggle to distinguish real online content from AI-generated fakes, with 85% reporting difficulty telling scams from genuine interactions—an increase from 66% last year. Half of respondents have encountered AI-driven fraud, including AI-generated product photos and personalized scams, while 19% experienced AI-related identity harms like non-consensual explicit content creation. The findings highlight growing challenges in online trust and identity due to AI-enabled deception, urging increased awareness and protective measures.

https://www.malwarebytes.com/blog/ai/2026/06/88-of-people-struggle-to-tell-whats-real-online

Amazon Security Research Reportedly Led to the White House’s Anthropic Fable Ban

Amazon's security research reportedly prompted the White House to impose export controls restricting foreign access to Anthropic's AI models Fable 5 and Mythos 5 after Amazon demonstrated the models could be manipulated to provide information useful for cyberattacks. CEO Andy Jassy's discussions with U.S. officials led to the directive, although Anthropic has contested the characterization of these vulnerabilities, noting similar issues exist in other publicly available models like GPT 5.5. This move has raised concerns as many of Anthropic’s researchers are foreign-born, effectively barring them from their own AI tools amid ongoing tensions between the company and the U.S. government.

https://www.theverge.com/ai-artificial-intelligence/949601/amazon-anthropic-fablemythos-government-ban

Mini Shai-Hulud, Miasma, and Hades Worms Target Bioinformatics and MCP Developers Via Malicious PyPI Wheels

The Mini Shai-Hulud, Miasma, and Hades supply chain campaign has expanded with 23 new malicious PyPI packages targeting bioinformatics and MCP developers by using varied delivery mechanisms including trojanized native extensions and .pth startup hooks to execute obfuscated JavaScript stealers via Bun. These malware-laden packages aim to compromise developer workstations and CI/CD environments to steal credentials, tokens, SSH keys, and cloud secrets, with attackers innovating their payload deployment to evade detection and complicate forensic analysis. Security teams are advised to review affected package versions, monitor for unusual Python startup behaviors, and rotate exposed credentials to mitigate the threat.

https://socket.dev/blog/mini-shai-hulud-miasma-and-hades-worms-target-bioinformatics-and-mcp-developers-via-malicious

AI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 Bugs

An autonomous AI agent from security startup depthfirst discovered 21 zero-day vulnerabilities in FFmpeg, some latent for over two decades, highlighting AI's growing role in vulnerability detection. Meanwhile, Google released Chrome 149, patching a record 429 security bugs—including critical use-after-free flaws—with much of the increased workload attributed to managing a surge in AI-generated bug reports. These developments underscore the accelerating pace and volume of vulnerability discovery driven by AI, emphasizing the need for faster patch cycles and robust update mechanisms.

https://thehackernews.com/2026/06/ai-agent-uncovers-21-zero-days-in.html

Scroll to Top