Skip to main content

Tag: cloud security

258 articles

Dimly lit server room with rows of racked servers and networking gear.

NadMesh Botnet Targets Exposed AI Services for Cloud Credentials

Meet NadMesh, a sneaky botnet on the hunt for cloud credentials, with its operators claiming to have already amassed 3,811 unique AWS keys; but is its reported success just a facade?

Analyst 207
Employees work at desks in a brightly-lit office with a city view, one standing near a whiteboard.

SASE Struggles to Keep Pace with AI-Driven Workflow Shifts

As enterprises shift to AI-driven workflows, their security teams struggle to keep up, risking loss of visibility as data interactions move beyond traditional network boundaries. With modern protocols like TLS 1.3 and HTTP/3 blocking interception, outdated SASE architectures are failing to keep pace.

Analyst 207
Dimly lit server room with rows of computer servers and equipment, hinting at vulnerability.

FIFA Exposes Vulnerability in Application Backends

A shocking vulnerability was discovered in the backends of two FIFA applications, Football Data Platform and Commentator Information System, where authorization checks were surprisingly handled by client-side code, leaving them open to potential exploitation. This flaw highlights a critical error in application design, where security checks were outsourced to the user interface, rather than being rigorously enforced on the server-side.

Analyst 207
Cluttered workstation with scattered papers, empty cans, and multiple screens displaying code amidst a sense of urgency.

Vulnerabilities Remain Unaddressed Despite Swift Remediation Efforts

Malicious npm packages have skyrocketed 451% year-over-year, highlighting a disturbing trend where old vulnerabilities continue to resurface and supply-chain abuse is scaling rapidly, putting organizations at risk. Despite swift remediation efforts, many critical vulnerabilities remain unaddressed.

Analyst 207
Large data center with rows of servers and racks, hinting at security vulnerability.

OAuth Client ID Spoofing Enables Credential Validation in Microsoft Entra ID Attacks

Researchers have uncovered a sneaky way attackers exploit a blind spot in Microsoft Entra ID's cloud sign-in telemetry, using OAuth Client ID spoofing to validate stolen credentials without triggering a successful sign-in event. By submitting fake client IDs, hackers can cleverly probe accounts and verify login details.

Analyst 207
Dimly lit server room with exposed cables and a hint of data deletion.

Musk Vows Data Purge After Grok Exposes User Repos

Elon Musk has vowed to wipe out all user data uploaded to SpaceXAI, following a shocking discovery that the company's AI tool, Grok Build, was secretly sending entire repositories, complete with full Git history and raw files, to a Google Cloud Storage bucket. The purge promises a clean slate, with Musk assuring that zero data will remain.

Analyst 207
Business setting with laptop on desk, papers and supplies nearby, and CRM system on screen.

Microsoft Tracks ShinyHunters' Salesforce Data Theft Via OAuth Flaws

Microsoft uncovered a sneaky year-long operation by the ShinyHunters extortion group, who exploited trust in Salesforce's OAuth system to steal sensitive data, using clever vishing tactics to trick employees into granting access to a malicious app. The attackers posed as IT support, convincing victims to authorize a fake Data Loader tool that allowed them to make API calls and search for valuable credentials.

Analyst 207
Brightly-lit server room with rows of humming servers and a lone technician inspecting a rack, hinting at potential…

Cyber-attackers Exploit OAuth Client ID Spoofing in Cloud Environments

Cyber-attackers are increasingly using OAuth Client ID spoofing to infiltrate cloud environments, with multiple campaigns emerging, each with unique tools and infrastructure. This technique allows attackers to cleverly abuse Microsoft Entra ID by mimicking legitimate authentication requests.

Analyst 207
Cybersecurity team works in operations center with daylight and system dashboard.

CISA Bolsters Protections After Major Credential Leak

CISA swiftly sprang into action after discovering a major credential leak on May 15, taking swift and decisive steps to halt the breach and prevent further damage. By sharing their incident response experience, CISA aims to help other organizations bolster their defenses and avoid similar security mishaps.

Analyst 207
Briefing room with laptop, whiteboard, and window, hint of cloud graphic.

CISA Exposes Lessons from AWS GovCloud Key Incident Response

When a security researcher uncovered exposed credentials in a public GitHub repository, CISA sprang into action, swiftly mitigating any potential exposure to its cloud resources and code repositories. Thanks to the researcher's sharp eyes and KrebsOnSecurity's reporting, CISA was able to respond quickly and contain the incident.

Analyst 207
Blurred laptop on minimalist desk in neutral room conveys vulnerability.

AI Agents Expose Identity Security Gap

The alarming truth is that security systems, designed with people in mind, are failing to protect against AI agents - and the consequences are stark. A single compromised machine identity can become a gateway to a vast array of sensitive information, as a recent breach involving an OAuth token and hundreds of organizations painfully illustrates.

Analyst 207
Person sitting at desk with concerned expression, looking at phone near open laptop.

Phishing Campaign Targets Microsoft 365 Users with Voice-Based Entra Passkey Scam

Beware of scammers impersonating Microsoft 365, tricking users into enrolling a fake Entra passkey by mimicking the real enrollment portal and leveraging voice calls to urge action. This sneaky phishing campaign has been targeting multiple sectors since April, putting unsuspecting users at risk.

Analyst 207
Large office building with subtle tech infrastructure and blurred office workers in foreground.

Accenture Breach Exposes Source Code, Heightens Supply Chain Risk

Accenture's recent data breach, where 35GB of sensitive data including source code was stolen, shines a spotlight on the hidden risks of working with major consulting and services firms. As a trusted partner to businesses and governments worldwide, Accenture's breach heightens concerns about supply chain vulnerabilities.

Analyst 207
Rows of computer servers in a brightly-lit data center with a lone laptop in the foreground.

AI-Powered Attacks Rapidly Compromise Cloud Targets

The increasing accessibility of large language models and agentic AI has empowered even less sophisticated threat actors to launch lightning-fast attacks with unprecedented scale, significantly ramping up the challenge for defenders. This alarming trend enables attackers to accelerate their workflows and compromise cloud targets at an unprecedented pace.

Analyst 207
Person working on laptop in modern office setting with GitHub pages on screens.

GitHub AI Agent Exposes Private Repos to Malicious Prompts

A shocking vulnerability in GitHub's AI-powered Agentic Workflows has been discovered, allowing attackers to expose private repositories with just a cleverly crafted issue and some plain English instructions - no coding skills or credentials required. This flaw lets hackers fetch and publicly share sensitive files, putting organizations at risk.

Analyst 207
A broken lock on a laptop screen amidst coding workspace symbolizes chatbot vulnerability.

Google Dialogflow Flaw Lets Rogue Agents Hijack Chatbots

A security flaw in Google Dialogflow, dubbed "Rogue Agent," allowed hackers to hijack chatbots, but thankfully, a fix was rolled out after Varonis reported the issue through Google's Vulnerability Reward Program. The flaw was cleverly exploited through custom Code Blocks in Dialogflow CX, highlighting the importance of robust security measures in chatbot development.

Analyst 207
Dimly lit server room with rows of computer servers and networking equipment in disarray.

Cloud Worm CAI Disrupts Rivals, Steals Secrets and Mines Crypto

Meet CAI, a malicious botnet that's disrupting rival operations, swiping sensitive secrets, and mining cryptocurrency - all while eliminating competing malware to maintain its grip on compromised targets. This centralized worm is a powerhouse of credential theft and cryptomining, making it a force to be reckoned with.

Analyst 207
Blurred figure of a person works amidst server racks and monitors in a brightly-lit data center.

Sysdig Exposes First Fully Agentic Ransomware Campaign

Meet JadePuffer, the groundbreaking ransomware campaign that's fully driven by a large language model (LLM) and can launch a devastating attack in as little as 31 seconds. This AI-powered threat uses an adaptive and automated approach to exploit vulnerabilities and extort its targets.

Analyst 207
Rows of servers and racks in a brightly-lit data center with a single workstation in the foreground.

Ransomware Operation Exploits AI to Automate Cyberattack

Meet JadePuffer, a notorious ransomware operation that's taking cyberattacks to the next level with the power of AI, automating attacks with ease. In a shocking example, JadePuffer used a large language model agent to encrypt a staggering 1,342 Nacos service configuration items.

Analyst 207
Cluttered workspace with laptop, smartphone, and papers, with blurred screen and urban view outside.

Google Cloud billing dispute escalates over $11,000 hijack charges

Developer Charles Jones was hit with a whopping $11,089.77 in Google Cloud charges after his account was hijacked, despite reporting the compromise and revoking the implicated keys. The unexpected charges, largely linked to Gemini image-generation models, left him stunned as his business doesn't even use such technology.

Analyst 207
Office worker looks puzzled at laptop with subtle fake prompt on screen amidst blurred coworkers and computers.

Microsoft 365 Accounts Targeted in 3-Second Hijacking Attacks

Beware of a sneaky 3-second hack that can hijack your Microsoft 365 account with just a click - it starts with a harmless-looking link that tricks you into executing the attack yourself. This clever tactic, known as ClickFix, exploits a simple human reflex to gain control of your account.

Analyst 207
Brightly-lit office setting with computers and network equipment in the background.

Hackers Exploit Microsoft 365 Flaws with 81 Million Login Attempts

In just two weeks, a massive password-spraying campaign racked up over 81 million login attempts, compromising 78 Microsoft 365 accounts across 64 organizations and highlighting a dramatic surge in cyber threats. This alarming trend saw a 155-fold increase in attacks, with organizations now facing an average of 1,964 failed login attempts per month.

Analyst 207
Server racks in a brightly-lit data center with a single blurred-out laptop in the foreground.

Azure CLI Hit by Massive Password Spray Attack Targeting 78 Accounts

In a staggering display of cyber aggression, a threat actor launched a massive password spray attack on Microsoft's Azure CLI, racking up over 81 million login attempts and breaching at least 78 accounts across 64 organizations in just two weeks. The relentless campaign, which unfolded between June 12 and June 26, successfully compromised accounts at an alarming rate of two to four per day, with some days seeing spikes of up to 30 breaches.

Analyst 207
Laptop on a desk in a modern office with a blurred screen and subtle shadow.

Microsoft Warns AI Agents Can Leak Data via Poisoned Tool Descriptions

A single line of plain text can unwittingly turn a helpful AI agent into a stealthy data thief, exposing sensitive information through a vulnerability in the Model Context Protocol (MCP). This fast-growing attack surface has Microsoft warning of a potentially disastrous trust boundary breach.

Analyst 207