ALL POSTS
European Commission Data Breach: ShinyHunters Claims 350GB Hack of AWS Cloud Infrastructure
Key Findings * ShinyHunters claims to have breached European Commission systems and stolen over 350GB of data * Alleged data includes mail server dumps, databases, confidential documents, and contracts * The European Commission confirmed detecting a cyberattack on March 24 affecting cloud infrastructure hosting Europa.eu websites * Internal systems were not compromised according to the Commission's investigation * AWS denies any security incident occurred within its cloud environment N
Mar 28 · 3 min read
Trivy Security Scanner GitHub Actions Breach: 75 Tags Hijacked for CI/CD Secret Theft
Key Findings * Trivy GitHub Actions repositories compromised for second time in a month * 75 out of 76 version tags force-pushed with malicious payload * Attacker aims to steal CI/CD secrets including cloud credentials, cryptocurrency wallets * Likely perpetrated by TeamPCP threat actor group * Compromise stems from incomplete mitigation of previous security incident Background The Trivy vulnerability scanner, maintained by Aqua Security, has experienced a significant securit
Mar 20 · 2 min read
Apple Warns iPhone Users to Update iOS Against Emerging Exploit Kits
Key Findings * Coruna and DarkSword exploit kits target outdated iOS versions * Apple warns users to update iOS to prevent data theft * Exploit kits can compromise iPhones through malicious web content * Devices running latest iOS versions are protected * Multiple threat actors are utilizing these exploit techniques Background Apple has identified significant security vulnerabilities in older iOS versions that can be exploited by sophisticated web-based attack frameworks. The
Mar 20 · 1 min read
GitGuardian Unveils Alarming 81% Rise in AI-Service Secrets Leakage on Public GitHub
Key Findings • 29 million new secrets leaked on GitHub in 2025 • 81% increase in AI service credential leaks • Public GitHub commits increased 43% year-over-year • Secret leak rates in AI-assisted code are 2× baseline • Internal repositories 6× more likely to contain hardcoded secrets Background The year 2025 marked a transformative period in software development, characterized by unprecedented AI adoption and acceleration of software creation workflows. GitGuardian's annual
Mar 18 · 2 min read
AI Flaws in Amazon Bedrock, LangSmith, and SGLang Enable Data Exfiltration and RCE
Key Findings * Amazon Bedrock AgentCore Code Interpreter enables DNS-based data exfiltration and RCE * LangSmith vulnerable to token theft via URL parameter injection (CVE-2026-25750) * Sandbox mode in AI services can be exploited to bypass network isolation * Potential for unauthorized data access and command execution across multiple platforms Background BeyondTrust cybersecurity researchers discovered critical vulnerabilities in AI execution environments that compromise ne
Mar 17 · 2 min read
Researchers Uncover Data Leak Vulnerability in AWS Bedrock AI Code Interpreter
Key Findings * Researchers discovered a vulnerability in AWS Bedrock AgentCore Code Interpreter * DNS queries can be exploited to leak sensitive data from supposedly isolated AI systems * Vulnerability received a high-risk severity score of 7.5/10 * AWS responded by updating documentation instead of creating a full patch * Potential risks include data breaches and infrastructure compromise Background AWS Bedrock is a platform for building AI applications, with the AgentCore C
Mar 17 · 2 min read
Android 17 Cracks Down on Accessibility API Abuse
Key Findings * Android 17 Beta 2 blocks non-accessibility apps from using Accessibility Services API * Advanced Protection Mode (AAPM) automatically revokes permissions for non-accessibility tools * Only verified accessibility tools can use the API when AAPM is enabled * Targets malware that has historically abused accessibility services for data theft Background Android's Accessibility Services API has long been a double-edged swor
Mar 16 · 2 min read
Telus Data Breach: ShinyHunters Claims 1 Petabyte Theft Confirmed
Key Findings * ShinyHunters claims to have stolen approximately 1 petabyte of data from Telus Digital * Breach discovered through stolen Google Cloud Platform credentials from a previous Salesforce-related hack * Telus confirms unauthorized access to internal systems * No disruption to customer services reported * Investigations and forensic analysis are ongoing Background Telus Digital, a subsidiary of Canadian telecommunications giant Telus, provides business process outsou
Mar 14 · 2 min read
SocksEscort Proxy Network Dismantled by Federal Authorities in Global Fraud Crackdown
Key Findings * International law enforcement dismantled SocksEscort proxy network * Network compromised approximately 369,000 IP addresses worldwide * Cybercriminals used service to route fraudulent activities and hide identity * $3.5 million in cryptocurrency seized * Infected over 8,000 home and small business routers * Caused millions in financial losses across multiple victims Background SocksEscort operated as a malicious proxy service from 2009, systematically infecting
Mar 12 · 2 min read
GitHub Malware Operation Spreads Dangerous BoryptGrab Stealer
Key Findings * BoryptGrab information stealer spreading through over 100 GitHub repositories * Malware designed to collect browser data, cryptocurrency wallets, system details, and user files * Some variants deploy a PyInstaller backdoor called TunnesshClient for remote command execution Background Trend Micro has uncovered a campaign distributing the BoryptGrab information stealer through more than 100 GitHub repositories. BoryptGrab is capable of collecting sensitive data such as
Mar 8 · 1 min read
