The Hacker News

We Found Eight Attack Vectors Inside AWS Bedrock. Here's What Attackers Can Do with Them

Bedrock attack vectors exploit permissions and integrations, enabling data theft, agent hijacking, and system compromise at scale.
WinBuzzer

Trivy Breached Twice in a Month via GitHub Actions

Attackers have hijacked 75 of 76 GitHub Actions tags for Aqua Security's Trivy scanner, distributing credential-stealing ...
SecurityWeek

Tycoon 2FA Fully Operational Despite Law Enforcement Takedown

The Tycoon 2FA phishing platform’s operations have been largely unaffected by the recent law enforcement takedown attempt.

CISA orders feds to patch DarkSword iOS flaws exploited attacks

CISA ordered U.S. government agencies to patch three iOS vulnerabilities targeted in cryptocurrency theft and cyberespionage attacks using the DarkSword exploit kit.