A major AWS attack shows how attackers with AI can connect known cloud strategies to go from first access to complete control in about 72 hours, not with new tools, but with very fast and organized actions. According to Sygnia’s investigation, the threat actor got access to an AWS account …
Read More »Mycelium Framework: First AI-as-a-Service Botnet
A new cybercrime ad is catching attention in the security world. It talks about a botnet that doesn’t just get into computers; it makes them rented AI tools for other criminals to use. The system named Mycelium is sold on a hidden website as a bundle for hacking into computers …
Read More »CrowdStrike Shows 5 New Prompt Injection Techniques for AI Agents
CrowdStrike has shared five new ways to inject prompts, showing the rising danger to AI agents as more organizations use autonomous AI systems. Early risks were mainly about simple chatbot misuse. Now, AI agents can look at websites, access internal data, and carry out commands. This has greatly increased the areas …
Read More »Thousands of MCP Servers Exposed to File Access and Injection Attacks
Thousands of Model Context Protocol (MCP) servers have serious security flaws like file access issues, command injection, server-side request forgery (SSRF), and SQL injection. This raises big worries about the safety of AI supply chain security. A big study of 9,695 MCP servers from well-known sites like GitHub, Glama, Lobehub, …
Read More »An AI performed a cyber attack without any human help for the first time
Security experts found what they think is the first time an AI carried out a cyber attack all by itself. The complete automated campaign used an AI to carry out a ransomware attack. Victims have to pay money to get their data back. A team from the cloud security company …
Read More »Alibaba Reportedly Bans Claude Code for Suspected AI Tool Backdoor
Alibaba is said to be getting ready to ban the use of Anthropic’s Claude Code in its own systems starting July 10. This choice follows claims that the AI coding helper has a hidden detection method that acts like a backdoor. The news, first reported by the Chinese financial outlet …
Read More »India asks WhatsApp not to roll out ‘username’ feature over fraud concerns
The Indian government issued a notice WhatsApp planned to roll out its new ‘username’ feature. They are worried about fake accounts and fraud. The company must discuss the issue before moving forward. This week, WhatsApp said it will let users pick a username and hide their phone numbers when they …
Read More »Asian Two AI startups launch Mythos-like Model
Two Asian AI companies have released new models this week that compete with Anthropic’s recently limited Mythos and Fable models, as a U.S. export ban on those technologies reaches its third week. These actions show an increasing effort in the region to cover gaps left by U.S. export ban. New …
Read More »OpenAI unveils its first custom chip, Named Jalapeño
On Wednesday, OpenAI introduced its first special AI chip. This is aimed at growing from just consumer products to being involved in AI infrastructure. The chip, called Jalapeño, was made with Broadcom to handle the computing for ChatGPT and Codex efficiently. OpenAI says it’s also built for future AI projects. …
Read More »Anthropic’s Mythos reportedly broke NSA classified systems in hours
The recent finding shows how powerful Mythos is: the AI can access the US government’s secret networks in just a few hours. The Mythos model created by Anthropic was able to breach “almost all” of the US National Security Agency’s classified systems in a matter of hours rather than weeks, …
Read More »
InfoSecBulletin Cybersecurity for mankind