#CodeInjection

2026-02-04

AI-assisted cloud intrusion achieves admin access in 8 minutes

An AWS environment was targeted in a sophisticated attack, with the threat actor gaining administrative privileges in under 10 minutes. The operation showed signs of leveraging large language models for automation and decision-making. Initial access was obtained through credentials found in public S3 buckets, followed by rapid privilege escalation via Lambda function code injection. The attacker moved laterally across 19 AWS principals, abused Amazon Bedrock for LLMjacking, and launched GPU instances for potential model training. The attack involved extensive reconnaissance, data exfiltration, and attempts to establish persistence. Notable techniques included IP rotation, role chaining, and the use of AI-generated code.

Pulse ID: 69836c62efca44252227678d
Pulse Link: otx.alienvault.com/pulse/69836
Pulse Author: AlienVault
Created: 2026-02-04 15:57:22

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#AWS #Amazon #Cloud #CodeInjection #CyberSecurity #EDR #InfoSec #OTX #OpenThreatExchange #RAT #bot #AlienVault

2025-08-08

How can a Content Injection exploit destroy the community of an iconic RTS game?

StarCraft: Brood War and its successor StarCraft 2 are icons of the RTS (real-time strategy) genre and among the most important computer games in history, which have enjoyed an active community and a professional e-sports scene for decades. However, StarCraft 2 currently faces serious problems that threaten its further development and the functioning of the game....

#WBiegu #Blizzard #CodeInjection #Haktywizm #Starcraft

sekurak.pl/w-jaki-sposob-explo

N-gated Hacker News ngate
2025-06-06

🚨 ALERT 🚨: Someone figured out that your precious can be manipulated like a sneaky teenager with an unlimited credit card! 🤦‍♂️ Congratulations, now bots can help hackers throw a party in your codebase complete with command injection fireworks. 🎉 Keep pretending your is secure, it'll be fun!
boostsecurity.io/blog/weaponiz

2025-06-04

Developers and gamers, listen up! Hackers are now using trusted tools and platforms to sneak in malicious code and clever scams. How are your projects staying secure in this evolving threat landscape?

thedefendopsdiaries.com/the-ev

#cybersecurity
#infosectrends
#codeinjection
#socialengineering
#gamerssecurity

Anonymous 🐈️🐾☕🍵🏴🇵🇸 :af: youranonriots@kolektiva.social
2025-02-06

Microsoft warns that attackers are deploying malware in ViewState code injection attacks using static ASP.NET machine keys found online. #codeinjection #CyberAlerts bleepingcomputer.com/news/secu

2024-07-15

A recent cybersecurity study revealed a sophisticated malware campaign targeting NuGet, a package manager for .NET applications. Attackers used homoglyphs, characters that look similar but have different codes (for example, the number '0' and the letter 'O', or the lowercase 'l' and the uppercase 'I'), to create fake packages that seemed legitimate but contained malicious code. They also employed IL weaving, a method that alters .NET binaries to insert harmful modules disguised as legitimate ones. This campaign involved around 60 packages and 290 versions, highlighting the need for increased vigilance in software supply chains.

thecyberexpress.com/homoglyphs

#cybersecurity #NuGet #malware #homoglyphs #ILWeawing #malwarecampaign #DotNet #CodeInjection #SecurityResearch

2024-06-25

💉 #commandinjection is a type of #cyberattack that involves injecting malicious commands into a system through vulnerable input fields.

🔒🛡️ Protecting against it is crucial to prevent unauthorized access, #databreaches, and potential system compromise.

To learn more: bit.ly/45VGBah

#commandinjectionattack #codeinjection #injectionattacks #owasp #applicationsecurity #vulnerabilities #waap #waf #apptrana #indusface

2023-12-21

The malware strategically injects a specialized script tag into the victim’s browser, leading to an external script, enhancing the attack’s stealth by avoiding detection as simple loader scripts often are.

#Cybersecurity #Trojan #CodeInjection #IBM #JavaScript #Banking

cybersec84.wordpress.com/2023/

2023-10-10

The tagDiv plugin and the Newspaper theme are popular among WordPress users for their rich features and user-friendly design.

#WordPress #Cybersecurity #CodeInjection #Vulnerabilities #tagDiv #Plugins

cybersec84.wordpress.com/2023/

Ciourte Piaille ciourte@piaille.fr
2022-11-24

Interesting "Stealing passwords from infosec Mastodon - without bypassing CSP" by @gaz.
portswigger.net/research/steal

It says at the end that the vulnerability was only exploitable in the #Glitch fork (used by that instance), not #Mastodon itself.
Still, despite the slightly misleading title, that's some good research, and an interesting well-written article. 😄

#infosec #cybersecurity #codeInjection #WebSecurity

Hey #infosec/#appsec peeps...

Ever wanted to work on #videogames? :) Cheat devs are using #hypervisor mods to do hard-to-detect #codeinjection and in-memory modification.

#Bungie needs a low-level security engineer to help develop strategies that can be implemented in game clients running on compromised hardware to detect, mitigate, and run psyops on cheaters and cheat devs.

If you like adversarial work, it's pretty awesome. Come talk to me :)

#security #gamedev #ReverseEngineering #RE

heise online (inoffiziell) heiseonline@squeet.me
2022-08-19

After the problem had already been uncovered at Facebook and Instagram, a security researcher has now also taken a look at the Chinese video service.
TikTok app is also said to be able to spy using its internal iPhone browser

heise online (inoffiziell) heiseonline@squeet.me
2021-05-28

A vulnerability in the Luca app could have paralyzed entire health authorities. Now criticism is also coming from the Bundesamt für Sicherheit in der Informationstechnik (Federal Office for Information Security).
BSI also criticizes Luca app: "Attack scenario plausible"

heise online (inoffiziell) heiseonline@squeet.me
2021-05-26

A security vulnerability in the Luca app that is already known to the vendor can be exploited to inject malicious code, and thereby paralyze health authorities.
Danger for health authorities: Luca app enables code injection

2020-11-09

WordPress Sites Open to Code Injection Attacks via Welcart e-Commerce Bug - The shopping cart application contains a PHP object-injection bug. threatpost.com/wordpress_open_ #informationdisclosure #securityvulnerability #phpobjectinjection #vulnerabilities #denialofservice #codeinjection #websecurity #e-commerce #wordfence #wordpress #welcart #plugin #patch #bug

2020-11-02

Texas Gold-Dealer Mined for Payment Details in Months-Long Data Breach - JM Bullion fell victim to a payment-card skimmer, which was in place for five months. threatpost.com/texas-gold-deal #paymentcardskimmer #vulnerablewebsite #databreachnotice #vulnerabilities #preciousmetals #codeinjection #websecurity #emailnotice #databreach #golddealer #jmbullion #magecart #breach #reddit #hacks

2020-07-07

Citrix Bugs Allow Unauthenticated Code Injection, Data Theft - Admins should patch their Citrix ADC and Gateway installs immediately. more: threatpost.com/citrix-bugs-all #informationdisclosure #criticaladvisory #securityadvisory #vulnerabilities #denialofservice #codeinjection #cve-2020-8187 #cve-2020-8190 #cve-2020-8191 #cve-2020-8193 #cve-2020-8194 #cve-2020-8195 #cve-2020-8196 #cve-2020-8197 #cve-2020-8198 #cve-2020-8199 #adc
