breach

Lone Attacker Uses AI to Breach AWS Cloud Environment in 72 Hours

A lone attacker leveraged AI-driven workflows to quickly exploit multiple weaknesses across an AWS cloud environment, conducting extensive reconnaissance, credential harvesting, and deployment pipeline abuse within 72 hours, leading to financial extortion of a major Amazon customer. The attacker chained together vulnerabilities in applications, cloud resources, and CI/CD pipelines to systematically steal secrets, create backdoors, and disrupt operations, demonstrating an accelerated attack tempo enabled by AI. Security experts warn organizations must enhance automated detection, response capabilities, and containment procedures to address the increased speed and scale of AI-assisted cloud attacks.

https://www.darkreading.com/cloud-security/lone-attacker-ai-breach-aws-cloud-environment

Accenture Confirms Breach After Hacker Offers Stolen Data for Sale

Accenture confirmed a security breach after a threat actor claimed to have stolen 35 GB of source code, RSA keys, and other sensitive data, subsequently offering it for sale on a cybercrime forum. While Accenture stated the issue has been remediated with no impact on operations or service delivery, the company did not disclose how the breach occurred or whether customer data was compromised.

https://www.bleepingcomputer.com/news/security/accenture-confirms-breach-after-hacker-offers-stolen-data-for-sale/

Nearly a Million Passports Just Exposed on the Public Internet—and Anyone Could Access Them with a Simple URL

Nearly a million passports and photo IDs from multiple European countries were exposed on public web servers without any authentication, encryption, or access controls, allowing anyone with a URL to access these sensitive documents for months. The data, collected for age verification by the company Nefos and associated cannabis clubs, remained vulnerable due to critical security misconfigurations, raising significant risks of identity theft and document fraud for affected individuals. This incident highlights severe failures in data stewardship and compliance with established security standards for handling identity verification information.

https://cambridgeanalytica.org/data-breaches-scandals/passports-driver-licenses-exposed-public-internet-2026-51096/

China-Linked Hackers Backdoored Linux Login Software to Hide for Nearly a Decade

A China-linked threat group known as Velvet Ant backdoored critical Linux login software components PAM and OpenSSH to maintain covert access inside isolated networks for nearly a decade, starting from 2016. By altering trusted login programs themselves, the attackers bypassed traditional defenses, capturing credentials and commands without exploiting new malware, making the intrusion difficult to detect and remediate. Security experts recommend monitoring these login files for changes and verifying software integrity to detect and remove such stealthy backdoors effectively.

https://thehackernews.com/2026/06/china-linked-hackers-backdoored-linux.html

The Newest Instagram “Exploit” Is the Goofiest I’ve Seen

A recent Instagram exploit allowed attackers to hijack accounts by simply faking the victim's location and tricking Instagram's AI support into sending verification codes to the attacker's email, bypassing two-factor authentication entirely. This vulnerability led to high-profile account takeovers, was exploited on black market services, and has since been patched by Meta, though it reportedly remained active for weeks or months.

https://www.0xsid.com/blog/meta-account-takeover-fiasco

Meta AI Support Bot Helped Hackers Hijack Instagram Accounts

Meta's AI support assistant for Instagram was exploited by hackers to hijack high-profile accounts by changing the email address linked to those accounts without proper identity verification, sometimes bypassing two-factor authentication. The vulnerability, which was publicly accessible for a short time, allowed attackers to take over accounts easily, prompting Meta to patch the issue and secure impacted accounts.

https://www.macrumors.com/2026/06/01/meta-ai-instagram-attack/

Ghost Hackers: the Cybersecurity Mystery That Nobody Has Solved

The article revisits the unresolved cybersecurity mystery of the Shadow Brokers, an enigmatic hacking group that in 2016 leaked a trove of sophisticated NSA hacking tools, including the EternalBlue exploit, which later enabled widespread ransomware attacks like WannaCry. Despite extensive analysis and speculation, no individuals behind the Shadow Brokers have been identified or charged, highlighting the enduring challenge of attributing and responding to major cyber intelligence leaks.

https://techcrunch.com/2026/05/26/ghost-hackers-the-cybersecurity-mystery-that-nobody-has-solved/

Grafana Labs Admits All Its Codebase Are Belong to Someone Who Popped Its GitHub Account

Grafana Labs disclosed that an unauthorized party accessed its GitHub repository and downloaded its codebase by obtaining a compromised token. Although the attacker threatened to release the code unless a ransom was paid, Grafana refused to pay, stating no customer data or personal information was accessed and operations were unaffected.

https://www.theregister.com/cyber-crime/2026/05/18/grafana-labs-admits-attackers-downloaded-its-codebase-from-github/5241686

GitHub Says Internal Repos Exfiltrated After Poisoned VS Code Extension Attack

GitHub suffered a security breach caused by a malicious Visual Studio Code extension that led to the exfiltration of about 3,800 internal repositories, though customer data reportedly remains safe. The attacker group TeamPCP claimed to have access to the internal source code and offered it for sale, raising concerns about potential leakage of private repositories and credentials. GitHub is continuing its investigation and monitoring for further activity while promising a more detailed report once complete.

https://www.theregister.com/devops/2026/05/20/github-says-internal-repos-exfiltrated-after-poisoned-vs-code-extension-attack/5243206

GitHub Confirms Breach, 4K Internal Repos Stolen

GitHub confirmed a breach involving the theft of approximately 4,000 internal repositories by the threat actor TeamPCP, who claimed responsibility and offered the stolen data for sale. The breach occurred through a compromised Visual Studio Code extension on an employee's device, and GitHub responded by removing the malicious extension, isolating the endpoint, rotating critical secrets, and continuing incident response investigations.

https://www.darkreading.com/application-security/github-confirms-breach-4k-internal-repos-stolen

Thousands of Facebook Accounts Stolen by Phishing Emails Sent Through Google

Researchers have uncovered a phishing operation using Google’s AppSheet platform to send deceptive emails that have compromised around 30,000 Facebook business and advertiser accounts, primarily targeting pages with financial value. This campaign abuses trusted Google services to bypass email filters, tricking users into providing Facebook credentials and 2FA codes, enabling attackers to monetize hijacked accounts by running scams or selling access.

https://www.malwarebytes.com/blog/news/2026/05/thousands-of-facebook-accounts-stolen-by-phishing-emails-sent-through-google

cPanelSniper – PoC Exploit Disclosed for cPanel Vulnerability, 44,000 Servers Compromised

A critical authentication bypass vulnerability (CVE-2026-41940) in cPanel & WHM, exploited by a publicly released proof-of-concept tool named “cPanelSniper,” has compromised approximately 44,000 servers worldwide since at least February 2026. The flaw allows attackers to forge root sessions without valid credentials by injecting malicious session data, prompting emergency patches from cPanel, while security experts urge immediate updates and audits to prevent further exploitation.

https://cybersecuritynews.com/cpanelsniper-poc-exploit/

GTA 6 Developer Rockstar Reportedly Hacked, Data Being Ransomed

Hacker group ShinyHunters claims to have breached Rockstar Games' secured cloud servers via a security flaw in a third-party service, Anodot, demanding a ransom by April 14 or threatening to leak corporate data. Rockstar confirmed a data breach occurred but stated that only a limited amount of non-material company information was accessed, with no impact on their organization or players.

https://kotaku.com/rockstar-games-reportedly-hacked-massive-data-leak-ransom-gta-6-shinyhunters-2000686858

Drift Crypto Platform Confirms $280 Million Stolen in Hack as Researchers Point Finger at North Korea

The decentralized finance platform Drift confirmed a $280 million theft through a sophisticated attack involving the rapid takeover of its security council administrative powers, with pre-signed transactions exploited via social engineering. Blockchain security experts, including Elliptic, have attributed the hack to North Korean state-backed hackers, consistent with previous crypto theft tactics used by the DPRK to fund its military program, marking the eighteenth such incident tracked this year.

https://therecord.media/drift-crypto-confirms-280-million-stolen-north-korea

European Commission Investigating Breach After Amazon Cloud Account Hack

The European Commission is investigating a security breach after a threat actor accessed one of its Amazon Web Services cloud accounts, reportedly stealing over 350 GB of data including multiple databases. Although AWS confirmed no security incident on their platform, the Commission’s cybersecurity team detected the attack quickly, and the threat actor has stated intentions to leak the stolen data online without extorting the Commission.

https://www.bleepingcomputer.com/news/security/european-commission-investigating-breach-after-amazon-cloud-account-hack/

Scroll to Top