A cyberattack on Bouygues Telecom exposed data for 6.4 million customers. Find out what information was compromised and…

A cyberattack on Bouygues Telecom exposed data for 6.4 million customers. Find out what information was compromised and what you need to do to protect yourself from scams, as the company warns customers to be on high alert.

French telecommunications giant Bouygues Telecom has confirmed a cyberattack that resulted in the personal information of 6.4 million customers being exposed. The company, which serves nearly 27 million mobile users across France, discovered the security breach on August 4th.

****What Was Compromised?****

An investigation by the company revealed that hackers gained access to a variety of customer details. This includes contact information, contract details, and, for many, their International Bank Account Number (IBAN). An IBAN is a unique number that identifies a bank account and is used to process transactions like direct deposits or transfers.

Bouygues has confirmed that more sensitive data, like passwords and credit card numbers, were not affected in this breach. Both individual and business customers were impacted by the attack. The company promptly reported the incident to French authorities and is alerting all affected customers via email or text message.

Hackers planning to leak Bouygues Telecom data soon (Image credit: Hackread.com)

****What Should Customers Do?****

In response to the breach, Bouygues is urging its customers to be extremely cautious of potential scams. Customers should watch for any suspicious emails or phone calls from people pretending to be from Bouygues or another company, as scammers might use the stolen data to try and trick them into revealing more information, such as credit card numbers or passwords.

Bouygues also advised customers whose IBANs were exposed to monitor their bank accounts closely and contact their bank if they notice any unusual activity. The company has filed a complaint with judicial authorities, noting that the perpetrator could face up to five years in prison and a €150,000 fine.

The attack on Bouygues is part of a broader trend of major telecommunication firms being targeted globally. As reported by Hackread.com, in May 2025, South Korean firm SK Telecom revealed a malware intrusion that had gone undetected for nearly two years, leaking vast amounts of customer data.

Furthermore, an advisory from the FBI and Canada’s Cyber Centre in June 2025 warned of an ongoing cyber espionage campaign by a China-linked group called Salt Typhoon, which is actively targeting telecom networks worldwide to steal sensitive data. These incidents highlight why telecommunications companies, due to the valuable data they hold, are frequent targets for both cybercriminals and state-sponsored groups.

Bouygues Telecom Hit by Cyberattack, 6.4 Million Customers Affected

AgentFlayer is a critical vulnerability in ChatGPT Connectors. Learn how this zero-click attack uses indirect prompt injection to…

AgentFlayer is a critical vulnerability in ChatGPT Connectors. Learn how this zero-click attack uses indirect prompt injection to secretly steal sensitive data from your connected Google Drive, SharePoint, and other apps without you knowing.

A new security flaw, dubbed AgentFlayer, has been revealed that demonstrates how attackers can secretly steal personal information from users’ connected accounts, like Google Drive, without the user ever clicking anything. The vulnerability was discovered by cybersecurity researchers at Zenity and presented at the recent Black Hat conference.

As per Zenity’s research, the flaw takes advantage of a feature in ChatGPT called Connectors, which allows the AI to link to outside applications such as Google Drive and SharePoint. While this feature is designed to be helpful, for example, by letting ChatGPT summarise documents from your company’s files, Zenity found that it can also create a new path for hackers.

****The Attack in Action****

The AgentFlayer attack works through a clever method called an indirect prompt injection. Instead of directly typing in a malicious command, an attacker embeds a hidden instruction into a harmless-looking document. This could even be done with text in a tiny, invisible font.

Invisible prompt injection embedded in a document. 1px white font (Source: Zenity)

The attacker then waits for a user to upload this poisoned document to ChatGPT. When the user asks the AI to summarise the document, the hidden instructions tell ChatGPT to ignore the user’s request and instead perform a different action. Such as, the hidden instructions could tell ChatGPT to search the user’s Google Drive for sensitive information like API keys.

Victim’s API Keys (Source: Zenity)

The stolen information is then sent to the attacker in an incredibly subtle way. The attacker’s instructions tell ChatGPT to create an image with a special link. When the AI displays this image, the link secretly sends the stolen data to a server controlled by the attacker. All of this happens without the user’s knowledge and without them needing to click on anything.

****A Growing Risk for AI****

Zenity’s research points out that while OpenAI has some security measures in place, they aren’t enough to stop this type of attack. Researchers were able to bypass these safeguards by using specific image URLs that ChatGPT trusted.

This vulnerability is part of a larger class of threats that show the risks of connecting AI models to third-party apps. Itay Ravia, the Head of Aim Labs, confirmed this, stating that such vulnerabilities are not isolated and that more of them will likely appear in popular AI products.

“As we warned with our original research, EchoLeak (CVE-2025-32711) that Aim Labs publicly disclosed on June 11th, this class of vulnerability is not isolated, with other agent platforms also susceptible,_“_ Ravia explained.

“The AgentFlayer zero-click attack is a subset of the same EchoLeak primitives. These vulnerabilities are intrinsic, and we will see more of them in popular agents due to a poor understanding of dependencies and the need for guardrails,” Ravia commented, emphasising that advanced security measures are needed to defend against these kinds of sophisticated manipulations.

AgentFlayer 0-click exploit abuses ChatGPT Connectors to Steal 3rd-party app data

A Nigerian man has been extradited from France to face hacking, identity theft, and fraud charges in the…

A Nigerian man has been extradited from France to face hacking, identity theft, and fraud charges in the US. He and his co-conspirators allegedly used spearphishing to steal customer data, filing fraudulent tax returns and disaster relief claims worth millions of dollars.

In a much-awaited legal move, Nigerian man Chukwuemeka Victor Amachukwu, a/k/a “Chukwuemeka Victor Eletuo” and “So Kwan Leung,” was recently extradited from France to the United States to face charges related to hacking, fraud, and identity theft.

The extradition, announced by the FBI and the Department of Justice, marks the culmination of extensive teamwork between US and French law enforcement agencies and is a major step in the ongoing case.

According to statements from US Attorney Jay Clayton and FBI Assistant Director Christopher G. Raia, Amachukwu is a key figure in a scheme that has allegedly stolen millions of dollars. The charges against him and his co-conspirators include a sophisticated plan to hack into tax businesses across the US, including locations in New York and Texas.

The alleged fraud began around 2019, when Amachukwu and his partners, including a person named Kinglsey Uchelue Utulu, used deceptive emails to gain access to the computer systems of tax preparation businesses. These types of emails, known as spearphishing, are highly targeted messages designed to trick specific individuals into revealing sensitive information or granting system access. Once inside, the group stole personal and tax information from thousands of customers.

They then used this stolen data to file fraudulent tax returns with the IRS and state tax authorities, seeking approximately $8.4 million and successfully obtaining around $2.5 million. The scheme didn’t stop there. The group also reportedly used the stolen identities to file fake claims with the Small Business Administration’s Economic Injury Disaster Loan program, securing an additional $819,000 in fraudulent payouts. This program is designed to provide financial relief to businesses affected by disasters.

In a separate scheme, Amachukwu is also accused of running a fake investment program. He allegedly promised victims valuable standby letters of credit that didn’t actually exist, and instead, “pocketed millions of dollars of his victims’ money,” according to US Attorney Clayton.

Amachukwu, 39, faces several serious charges, including conspiracy to commit computer intrusions, multiple counts of wire fraud, and aggravated identity theft (PDF). If convicted, these charges could lead to a lengthy prison sentence. He was presented before US Magistrate Judge Robert W. Lehrburger, with the case now assigned to US District Judge Paul G. Gardephe.

The FBI praised the work of its international partners, including the Justice Department’s Office of International Affairs and the French National Gendarmerie, for their help in the arrest and extradition. As is customary, the defendant is presumed innocent until proven guilty in a court of law.

Nigerian man extradited from France to US over hacking and fraud allegations

Critical WinRAR flaw CVE-2025-8088 exploited by Russia-linked hackers to spread RomCom malware, update to version 7.13 now to…

Critical WinRAR flaw CVE-2025-8088 exploited by Russia-linked hackers to spread RomCom malware, update to version 7.13 now to stay protected. Learn how a Russia-linked group is using this vulnerability and why you must manually update to WinRAR 7.13 now to stay safe.

WinRAR, a popular tool used by millions to manage compressed files, has been found to have a serious security weakness that was being actively exploited by hackers. The flaw, officially named CVE-2025-8088, allowed attackers to trick the program into installing malware on users’ computers without their knowledge. Security researchers at the firm ESET discovered and disclosed the issue, which has since been patched by WinRAR in a new update.

****How the Attack Worked****

The vulnerability is a type of _path traversal_ bug. This means a malicious file could be designed to make WinRAR save a file in a different location than where the user intended, such as the computer’s Startup folder. This enabled attackers to execute their own code.

According to a tweet from CVE (@CVEnew), this vulnerability was exploited to run what’s known as arbitrary code on a victim’s computer. The hackers’ goal was to deliver a malicious software called RomCom backdoor through specially crafted archive files sent in phishing emails.

These deceptive emails tricked people into opening the harmful attachments. For your information, RomCom malware is known for its ability to steal sensitive data and install other harmful programs, creating a serious security risk for anyone affected.

CVE on X

****The Russian Link****

Researchers from ESET, including Anton Cherepanov, Peter Košinár, and Peter Strýček, identified that the group behind this attack is a cyberespionage team suspected of being linked to Russia. This group has been known to carry out similar attacks in the past, targeting users in Europe and North America with different types of malware.

In late 2024, as reported by Hackread.com, they were exposed for exploiting a vulnerability in popular browsers like Mozilla Firefox and Tor Browser, which allowed them to run malicious code just by a user visiting a specific webpage.

Fortunately, there is a simple fix. WinRAR has released an update, version 7.13, which closes this dangerous security loophole. However, WinRAR does not automatically update itself, so it is up to each individual user to take action. To protect yourself from this threat, you must manually download and install the new version of WinRAR. Users who do not update will remain vulnerable to this specific attack.

WinRAR Zero-Day CVE-2025-8088 Exploited to Spread RomCom Malware

A new report by VulnCheck exposes a critical command injection flaw (CVE-2025-53652) in the Jenkins Git Parameter plugin.…

A new report by VulnCheck exposes a critical command injection flaw (CVE-2025-53652) in the Jenkins Git Parameter plugin. Find out how this vulnerability, initially rated as medium, could allow hackers to achieve remote code execution and compromise thousands of unauthenticated Jenkins servers.

A new security analysis from the firm VulnCheck has revealed that a vulnerability in the popular Jenkins automation server is more dangerous than previously thought. The flaw, officially identified as CVE-2025-53652, was initially rated as a medium-level threat but has been found to allow for a severe type of attack known as command injection. This could potentially let hackers take complete control of a server.

For your information, Jenkins is a powerful open-source tool companies use for automating tasks in software development. The vulnerability specifically affects a feature called the Git Parameter plugin, which is used to allow developers to easily select and use different versions or branches of code directly within their automated tasks.

According to VulnCheck’s report, shared with Hackread.com, around 15,000 Jenkins servers on the internet currently have their security settings turned off, making them easy targets for this kind of attack.

Of the more than 100,000 internet-facing Jenkins servers, 15,000 have authentication turned off- FOFA (Source: VulnCheck)

The problem lies in how the Git Parameter plugin handles information given to it by users. When a user enters a value, the plugin uses it directly in a command without properly checking if it’s safe. This allows a skilled attacker to inject malicious commands into the system.

VulnCheck’s team confirmed that they could use this flaw to run their own code on the server, a dangerous type of attack called remote code execution (RCE). They were able to use this method to gain control of a test server and even access sensitive information, such as a master key.

Even though the official fix for the vulnerability has been released, VulnCheck warns that the patch can be manually disabled by a system administrator. This means that a server could still be vulnerable even if it has been updated. As a result, the security firm has created a special rule to help companies detect any attempts to exploit this weakness.

While the firm doesn’t believe the flaw will be widely exploited, they note that it’s the kind of weakness that skilled attackers value for specific, targeted attacks or for moving deeper into a company’s network.

15,000 Jenkins Servers at Risk from RCE Vulnerability (CVE-2025-53652)

A new, coordinated cybercrime campaign called "GreedyBear" has stolen over $1 million from crypto users. Learn how the group uses malicious extensions, malware, and fake websites in an industrial-scale attack uncovered by Koi Security.

A sophisticated and large-scale cybercrime campaign, named GreedyBear, has been exposed for stealing at least a million dollars from cryptocurrency users. The research, carried out by cybersecurity firm Koi Security and shared with Hackread.com, reveals a highly organised operation that goes far beyond typical online scams.

Instead of focusing on a single type of attack, the criminals behind GreedyBear are using a coordinated mix of malicious browser extensions, malicious software, and fake websites. This strategy allows them to attack from multiple angles at the same time, making their operation incredibly effective.

****How They Do It: Three Attack Methods****

One of the main ways GreedyBear operates is through malicious browser extensions. The group has created over 150 fake extensions for the Firefox marketplace, pretending to be popular crypto wallets like MetaMask, TronLink, Exodus, and Rabby Wallet.

Exodus Wallet risk report from Koidex risk engine (Source: Koi Security)

The attackers use a clever trick called “Extension Hollowing” to evade security checks. They first upload harmless extensions and, after building credibility with fake positive reviews, they hollow out the extensions by changing their names and icons and injecting malicious code, all while keeping the positive review history.

The second method involves almost 500 malicious programs, or executables, found on sites offering pirated software. These harmful programs include credential stealers, which are designed to steal your login information, and ransomware, which locks your files and demands a payment. The variety of these tools shows the group is not just a one-trick pony but has a wide range of methods to target victims.

Thirdly, the group has set up dozens of fake websites that look like legitimate crypto services or wallet repair tools. These sites are designed to trick users into entering personal information and wallet details.

****The Core Finding****

A key detail Koi Security’s research has revealed is that all of these attacks, the fake extensions, the malware, and the scam websites, are all connected to a single central server (185.208.156.66). This central hub allows the attackers to manage their large-scale operation with great efficiency.

Researchers note that this campaign, which started as a smaller effort known as Foxy Wallet, has now grown into a major multi-platform threat, with signs that it could soon expand to other browsers like Chrome and Edge.

Connection graph for 185.208.156.66 (Source: Koi Security)

Researchers also noted that this type of large-scale, automated crime is likely made possible by new AI tools, making it faster and easier than ever for criminals to launch attacks. This new reality means that relying on old security methods is no longer enough to stay safe online.

GreedyBear: 40 Fake Crypto Wallet Extensions Found on Firefox Marketplace

Google confirms a data breach by ShinyHunters hackers, who used a vishing scam to access a Salesforce database with small business customer info.

In a recent revelation, Google has confirmed that one of its internal databases was breached by a well-known cybercriminal organization. The Google Threat Intelligence Group (GTIC), which was already investigating the activities of the group known as ShinyHunters (or UNC6040), disclosed that its own Salesforce database was accessed in June. The attack exposed information belonging to Google’s small and medium-sized business clients.

The company stated that the breach was contained quickly, and the hackers had access for only a “small window of time.” The stolen data was described as “basic and largely publicly available,” consisting of business names, contact details, and some related notes. While Google did not disclose the full scale of the breach, the incident highlights a growing security concern for all businesses, including technology giants.

****Deception, Not Technical Flaws****

This attack was not a traditional hack exploiting a software flaw, but a sophisticated social engineering scheme. The hackers used a method called vishing (voice phishing) where they impersonated a company’s IT support staff in a phone call.

During the call, they tricked a Google employee into approving a malicious application disguised as a legitimate tool, the Salesforce Data Loader. This fraudulent app granted the hackers access to the database, allowing them to steal information.

Attack Flow Illustration (Source: Google)

As per Google Threat Intelligence Group’s (GTIG) research, UNC6040 is responsible for intrusions, while a separate group, UNC6240, handles the extortion, demanding Bitcoin payments within 72 hours. The company also warns that hackers have updated their tools and may be planning to launch a Data Leak Site (DLS) to pressure victims.

“The news that Google has suffered a data breach in the recent wave of attacks executed by ShinyHunters highlights that no organisation is immune to cybercrime,_”_ said William Wright, CEO of Closed Door Security. “It doesn’t matter if you are a small business or one of the world’s leading technology firms, all organisations are vulnerable._”_

He also emphasised that employee training and the use of MFA are key to blocking these attacks in their early stages.

****A Bigger and Growing Threat****

This breach is part of a larger trend of attacks by the ShinyHunters group. Over the past year, Hackread.com has reported the group’s links to several high-profile incidents, including a massive breach at Santander bank in May 2024 and another at Ticketmaster that affected over 560 million customers globally.

The threat is still active, as luxury fashion brand Chanel also recently announced it suffered a data breach in July, affecting some of its US customers via a third-party Salesforce database. Google’s report also warns that ShinyHunters may be planning to escalate its activities by launching a public data leak site.

In response to the attack, Google said it took immediate action to secure its systems and notify affected clients. The company also advises other businesses to strengthen their defences with better employee training, multi-factor authentication, and stricter access controls to prevent similar social engineering attacks.

Google Confirms Salesforce Data Breach by ShinyHunters via Vishing Scam

ShinyHunters breached Chanel’s US client database via Salesforce-linked access, exposing limited customer details through social engineering tactics.

ShinyHunters Target Chanel in Salesforce Linked Data Breach

Menlo Park, California, USA, 7th August 2025, CyberNewsWire

**Menlo Park, California, USA, August 7th, 2025, CyberNewsWire**

AccuKnox, a global leader in Zero Trust Cloud Native Application Protection Platforms (CNAPP), has partnered with SecuVerse.ai to deliver ASPM for Lonaci Loterie Nationale de Côte d’Ivoire (LONACI), the state-operated national lottery authority of Côte d’Ivoire.

This milestone partnership comes as LONACI advances its ambitious 2025–2030 digital transformation strategy, focusing on secure digital innovation, the modernization of gaming platforms, and stringent compliance with international data and operational standards.

**Why LONACI Selected AccuKnox**

LONACI’s key selection criteria included strict adherence to PCI-DSS, ISO 27001, and GDPR standards, as well as the need for deep observability, real-time threat mitigation, and least-privilege access enforcement across its hybrid cloud and distributed outlet systems.

Following a rigorous evaluation, AccuKnox stood out by delivering:

*   Comprehensive ASPM (Application Security Posture Management) solution that delivers integrated SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), and SCA (Source Code Analysis)
*   Reduce triaging and remediation efforts by using AI-assisted remediation steps. This provides users with precise remediation approaches based on assets, findings, and repositories under consideration. 
*   Customized dashboards and reporting capabilities
*   SOAR (Security, Orchestration, Automation, and Response) for addressing alerts in the most efficient manner

**Quotes from Key Stakeholders**

> “**LONACI sought to unify various fragmented tools into a single cohesive platform, exactly what our ASPM (Application Security Posture Management) solution delivers. We equipped LONACI with a prioritized view, actionable insights, and streamlined lifecycle management, significantly enhancing their ROI. We’re proud to collaborate with SecuVerse in delivering a compelling and differentiated value proposition to LONACI.**“

— Gaurav Mishra, Team Lead – Product Management & Solutions Engineering, AccuKnox

> “**We are pleased to partner with AccuKnox, a leader in code-to-cognition security. Their integrated AppSec, CloudSec, and AI security is exactly what LONACI needed to protect itself from both current and emerging threats. Our regional intelligence combined with their technical firepower helped us outpace incumbents by staying agile, secure, and local.**”

— Samir Boukharta, Founder, SecuVerse.ai

Secure Your Infrastructure the Zero Trust Way: book your free demo now 

**About AccuKnox**

AccuKnox provides a Zero Trust Code to the Cognition CNAPP Security platform. AccuKnox is the industry’s only platform that secures all public clouds and all private clouds; modern workloads like Kubernetes, IAC, AI/LLM, and Edge/IoT; and traditional workloads like virtual machines and bare metal. AccuKnox is funded by leading security investors, including National Grid Partners, MDSV, Avanta Venture Partners, Dolby Family Ventures, DreamIT Ventures, 5G Open Innovation Lab, and Seedop. AccuKnox was formed in partnership with SRI International (previously Stanford Research Institute) and has seminal patents on different aspects of Zero Trust security. AccuKnox is a core contributor to the CNCF Kubernetes run-time security project, KubeArmor, which has achieved 2M+ downloads.

https://accuknox.com/

**About** **Secuverse.ai** 

SecuVerse.ai is based in Casablanca, Morocco, with a presence in North, West, and Central Africa. SecuVerse.ai’s mission is to provide its clients with innovative, next-generation technology solutions to accelerate cybersecurity and AI programs. SecuVerse.ai works with companies around the world to offer a complete range of cybersecurity services, covering areas like DataSec, AppSec, CloudSec, IASec, and infrastructure security. https://wwww.secuverseai.com

**Contact**

**PMM**  
**Syed Hadi**  
**AccKnox**  
**\[email protected\]**

AccuKnox partners with SecuVerse.ai to deliver Zero Trust CNAPP Security for National Gaming Infrastructure

Cybersecurity researchers demonstrate a new attack on Google Gemini AI for Workspace. Discover how a simple calendar invite can be used to perform phishing, steal emails, and even control home appliances.

Cybersecurity researchers at SafeBreach Labs have uncovered a new kind of cyberattack that starts with something as ordinary as a Google Calendar invitation. According to the team, this method can be used to hijack a person’s Google Gemini AI agent, giving attackers the ability to spy on them, steal personal data, and even take control of smart home devices remotely.

The research, titled “Invitation Is All You Need,” was carried out by Ben Nassi, Stav Cohen, and Or Yair. In an interview with Hackread.com, SafeBreach Labs explained that the attack relies on a new kind of threat known as Promptware. This technique manipulates an AI model by inserting carefully composed text, or prompts, that trick it into carrying out harmful actions.

Promptware’s Perimeter’s Location (Source: SafeBreach Labs)

The SafeBreach team developed a more advanced version of the attack, which they’ve named a Targeted Promptware attack. They demonstrated how it works specifically on Gemini for Workspace. By sending a malicious Google Calendar invitation, they were able to hijack a user’s Gemini agent, all without the person ever realising it.

This technique is known as an “indirect prompt injection” because the malicious instructions are hidden in something the AI reads on its own, like an event title, instead of being entered directly by the user.

Targeted Promptware Attack Explained (Source: SafeBreach Labs)

To show just how serious the vulnerability is, the researchers used a range of techniques, including context poisoning and automatic tool invocation, to exploit Gemini. Their tests demonstrated how far the attack could go once the AI agent was compromised.

After taking control of the Gemini agent, they were able to carry out a wide range of malicious actions, including

*   Steal private emails
*   Figure out a person’s location
*   Send spam and phishing emails
*   Delete a person’s calendar events
*   Generate harmful and toxic content
*   Turn on a person’s video camera through Zoom

What’s even more concerning is that the attack doesn’t stop online. The researchers showed that a compromised AI assistant could also take control of apps on a person’s smartphone, including those linked to smart home devices.

The researchers also found that an attacker could remotely control things like connected windows, boilers, and lights. This confirmed that Promptware attacks can go beyond Gemini itself and lead to real-world physical impact.

The researchers reported their findings to Google in February 2025. In response, Google rolled out new protections, including stronger security around sensitive actions and better systems to detect prompt injection attacks.

SafeBreach Labs estimates that 73% of these threats fall under the “High-Critical risk” category and warns that other AI-powered tools could be at risk too. The full research will be presented at Black Hat USA and DEF CON 33.

Meanwhile, it’s highly recommended to check out SafeBreach’s technical blog post and the seven demo videos the company shared.

Source

HackRead