Lone Attacker Uses AI to Breach AWS Cloud Environment in 72 Hours
The attacker exploited AI workflows, chained cloud weaknesses, and stolen credentials to extort a large Amazon customer.
The attacker exploited AI workflows, chained cloud weaknesses, and stolen credentials to extort a large Amazon customer.
Die Agentic Workflows von Github erweisen sich beim Datenklau aus privaten Repositorys offenbar als sehr kooperativ. Ein Fix ist nicht zu erwarten. (Sicherheitslücke, KI)
Researchers show how attackers can use a crafted public GitHub Issue to trick AI-powered workflows into exposing data from private repositories without authentication. The post Critical Vulnerability Exposes GitHub Agentic Workflows to Prompt Injection appeared first on SecurityWeek.
Teams are dealing with a truly dangerous problem — automation that works, but that no one understands.
The CI/CD workflow weakness affects Microsoft’s Azure Sentinel, Google’s AI Agent Development Kit, Apache’s Doris analytics database, Cloudflare’s Workers SDK, and Python Software Foundation’s Black.
CVE-2026-42945: NGINX Rewrite Heap Overflow Enables Remote DoS & Potential RCE CVE-2026-42945 is a heap-based buffer overflow in NGINX that occurs in ngx_http_rewrite_module (the rewrite module). The bug is remotely reachable over HTTP and can be triggered without authentication when specific rewrite-rule patterns are present, which makes it relevant for internet-facing NGINX reverse proxies. Many […]