Amazon AI coding agent hacked to inject data wiping commands

A hacker planted data wiping code in a version of Amazon's generative AI-powered assistant, the Q Developer Extension for Visual Studio Code. [...]

https://www.bleepingcomputer.com/news/security/amazon-ai-coding-agent-hacked-to-inject-data-wiping-commands/

 Post SMTP plugin flaw exposes 200K WordPress sites to hijacking attacks

More than 200,000 WordPress websites are using a vulnerable version of the Post SMTP plugin that allows hackers to take control of the administrator account. [...]

https://www.bleepingcomputer.com/news/security/post-smtp-plugin-flaw-exposes-200k-wordpress-sites-to-hijacking-attacks/

 Allianz Life confirms data breach impacts majority of 1.4 million customers

Insurance company Allianz Life has confirmed that the personal information for the "majority" of its 1.4 million customers was exposed in a data breach that occurred earlier this month. [...]

https://www.bleepingcomputer.com/news/security/allianz-life-confirms-data-breach-impacts-majority-of-14-million-customers/

 Scattered Spider is running a VMware ESXi hacking spree

Scattered Spider hackers have been aggressively targeting virtualized environments by attacking VMware ESXi hypervisors at U.S. companies in the retail, airline, transportation, and insurance sectors. [...]

https://www.bleepingcomputer.com/news/security/scattered-spider-is-running-a-vmware-esxi-hacking-spree/

 Free Tool Autoswagger Finds The API Flaws Attackers Hope You Miss

Exposed API documentation is a gift-wrapped roadmap for threat actors. The free Autoswagger tool from Intruder scans for exposed docs and flags endpoints with broken access controls—before attackers find them. [...]

https://www.bleepingcomputer.com/news/security/free-tool-autoswagger-finds-the-api-flaws-attackers-hope-you-miss/

 Internet Archive is now a US federal depository library

The Internet Archive has become an official U.S. federal depository library, providing online users with access to archived congressional bills, laws, regulations, presidential documents, and other U.S. government documents. [...]

https://www.bleepingcomputer.com/news/technology/internet-archive-is-now-a-us-federal-depository-library/

 OpenAI could rival Google Shopping with ChatGPT Shop

AI companies like OpenAI and Perplexity like to be the "everything company," and OpenAI's latest ChatGPT feature, "Shopping," makes that obvious. [...]

https://www.bleepingcomputer.com/news/artificial-intelligence/openai-could-rival-google-shopping-with-chatgpt-shop/

 France's warship builder Naval Group investigates 1TB data breach

France's state-owned defense firm Naval Group is investigating a cyberattack after 1TB of allegedly stolen data was leaked on a hacking forum. [...]

https://www.bleepingcomputer.com/news/security/frances-warship-builder-naval-group-investigates-1tb-data-breach/

 OpenAI prepares GPT-5 for roll out

OpenAI's ChatGPT-5 could drop in the coming days, and it could be one of the best models from the Microsoft-backed startup. [...]

https://www.bleepingcomputer.com/news/artificial-intelligence/openai-prepares-gpt-5-for-roll-out/

 Microsoft will stop supporting Windows 11 22H2 in October

Microsoft has reminded customers today that the last supported editions of Windows 11 22H2 will reach their end of servicing on October 14. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-will-stop-supporting-windows-11-22h2-in-october/

 CISA flags PaperCut RCE bug as exploited in attacks, patch now

CISA warns that threat actors are exploiting a high-severity vulnerability in PaperCut NG/MF print management software, which can allow them to gain remote code execution in cross-site request forgery (CSRF) attacks. [...]

https://www.bleepingcomputer.com/news/security/cisa-flags-papercut-rce-bug-as-exploited-in-attacks-patch-now/

 Exploit available for critical Cisco ISE bug exploited in attacks

Security researcher Bobby Gould has published a blog post demonstrating a complete exploit chain for CVE-2025-20281, an unauthenticated remote code execution vulnerability in Cisco Identity Services Engine (ISE). [...]

https://www.bleepingcomputer.com/news/security/exploit-available-for-critical-cisco-ise-bug-exploited-in-attacks/

 Microsoft: macOS Sploitlight flaw leaks Apple Intelligence data

Attackers could use a recently patched macOS vulnerability to bypass Transparency, Consent, and Control (TCC) security checks and steal sensitive user information, including Apple Intelligence cached data. [...]

https://www.bleepingcomputer.com/news/security/microsoft-macos-sploitlight-flaw-leaks-apple-intelligence-data/

 Endgame Gear mouse config tool infected users with malware

Gaming peripherals maker Endgame Gear is warning that malware was hidden in its configuration tool for the OP1w 4k v2 mouse hosted on the official website between June 26 and July 9, 2025. [...]

https://www.bleepingcomputer.com/news/security/endgame-gear-mouse-config-tool-infected-users-with-malware/

 Flaw in Gemini CLI AI coding assistant allowed stealthy code execution

A vulnerability in Google's Gemini CLI allowed attackers to silently execute malicious commands and exfiltrate data from developers' computers using allowlisted programs. [...]

https://www.bleepingcomputer.com/news/security/flaw-in-gemini-cli-ai-coding-assistant-allowed-stealthy-code-execution/

 Tea app leak worsens with second database exposing user chats

The Tea app data breach has grown into an even larger leak, with the stolen data now shared on hacking forums and a second database discovered that allegedly contains 1.1 million private messages exchanged between the app's members. [...]

https://www.bleepingcomputer.com/news/security/tea-app-leak-worsens-with-second-database-exposing-user-chats/

 Lovense sex toy app flaw leaks private user email addresses

The connected sex toy platform Lovense is vulnerable to a zero-day flaw that allows an attacker to get access to a member's email address simply by knowing their username, putting them at risk of doxxing and harassment. [...]

https://www.bleepingcomputer.com/news/security/lovense-sex-toy-app-flaw-leaks-private-user-email-addresses/

 How attackers are still phishing "phishing-resistant" authentication

Think passkeys make you phishing-proof? Think again. Attackers are using downgrade attacks, device-code phishing, and OAuth tricks to sneak past modern MFA. See how Push Security shuts them down. [...]

https://www.bleepingcomputer.com/news/security/how-attackers-are-still-phishing-phishing-resistant-authentication/

 FBI seizes $2.4M in Bitcoin from new Chaos ransomware operation

FBI Dallas has seized almost 23 Bitcoins from a cryptocurrency address belonging to a Chaos ransomware member that is linked to cyberattacks and extortion payments from Texas companies. [...]

https://www.bleepingcomputer.com/news/security/fbi-seizes-24m-in-bitcoin-from-new-chaos-ransomware-operation/

 French telecom giant Orange discloses cyberattack

Orange, a French telecommunications company and one of the world's largest telecom operators, revealed that it detected a breached system on its network on Friday. [...]

https://www.bleepingcomputer.com/news/security/french-telecommunications-giant-orange-discloses-cyberattack/

 Microsoft Edge now an 'AI-powered browser' with Copilot Mode

Microsoft has introduced Copilot Mode, an experimental feature designed to transform Microsoft Edge into a web browser powered by artificial intelligence (AI). [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-edge-now-an-ai-powered-browser-with-copilot-mode/