Find notable cyber news and cases, enriched with sources, timelines, and signals.

AWS environment hit by data theft breach

Incident
First reported
Last updated
Happening score
H score 26
1 unique sources, 1 articles

Summary

Hide ▲

An AWS environment was compromised in an AI-assisted intrusion that enabled extortion, creating immediate risk of data theft and operational disruption. The actor used 72 hours to carry out work that would normally take weeks, then searched for secrets, built persistence, exfiltrated data from RDS databases, and executed impact actions against S3 buckets, ECS services, and SQS queues. The intrusion exploited gaps in secrets management, identity governance, deployment workflows, and cloud permissions.

Related Happenings

LexisNexis Legal & Professional hit by network compromise

Incident
H score38 First: 03.03.2026 17:40 Last: 03.03.2026 17:40 Sources 1

About this happening: **LexisNexis Legal & Professional** confirmed a **server breach** after an **unauthorized party accessed a limited number of servers**, creating risk that internal customer and bu...

Exposed security-training web apps exploitation wave

Exploitation Wave
H score41 First: 21.01.2026 16:00 Last: 21.01.2026 16:00 Sources 1

About this happening: **DVWA**, **OWASP Juice Shop**, **Hackazon**, and **bWAPP** instances exposed in cloud environments are being **actively exploited**, putting **Fortune 500 companies** and securit...

AWS IAM credential-abuse crypto-mining campaign

Campaign
H score34 First: 16.12.2025 18:35 Last: 16.12.2025 18:35 Sources 1

About this happening: The **AWS**-targeting campaign is using **compromised IAM credentials** to deploy **cryptocurrency mining** resources across customer environments, creating immediate cost and res...

DragonForce campaign expands across multiple victims

Campaign
H score39 First: 03.12.2025 17:05 Last: 03.12.2025 17:05 Sources 1

About this happening: **DragonForce** is a **ransomware campaign** that pairs follow-on encryption with **Scattered Spider**-linked intrusion tradecraft against **high-value targets**. In **December 20...

Timeline

  1. 08.07.2026 15:30 2 articles · 1d ago

    Sygnia details AI-assisted AWS compromise for extortion

    Initial Disclosure

    Sygnia says a lone threat actor used AI-assisted workflows to compromise an AWS environment for extortion after obtaining an access key through weaknesses in an internet-facing application. The post-compromise activity unfolded over 72 hours and included searching for secrets and credentials, creating persistence with new access keys and IAM users, establishing reverse shells on EC2 instances and ECS containers, exfiltrating data from RDS databases, and disrupting S3 buckets, ECS services, and SQS queues while exploiting gaps in secrets management, identity governance, deployment workflows, cloud permissions, visibility, monitoring, and incident preparedness.

    Show sources