Skip to main content

Tag: cloud security

258 articles

Blurred Teams meeting on laptop screen in office setting with abstract overlays.

Microsoft Bolsters Teams Security with Enhanced Bot Protections

Microsoft is stepping up its Teams security game with enhanced bot protections, allowing admins to block third-party bots from joining meetings without approval. This new policy gives organizations greater control over who can access their meetings, helping to prevent malicious apps and unwanted disruptions.

Analyst 207
Office workstation with laptop and CRM software, overlooking cityscape through large window.

Human Error Exposes Security Breaches Despite AI Advances

Despite advancements in AI, human error continues to expose security breaches, as seen in a recent Salesforce supply-chain compromise where a legacy credential was exploited. A company called Klue, which integrates with Salesforce, was compromised when attackers used OAuth tokens to access customer data.

Analyst 207
Rows of computer servers and network equipment in a modern data center, with one server highlighted.

Agentic AI's Identity Crisis Leaves Security Teams Vulnerable

Agentic AI's autonomy and poorly tracked access are creating a perfect storm of identity risk, leaving security teams vulnerable to attacks. As digital actors with broad permissions, these AI agents are operating in the dark, with many organizations lacking visibility into their actions.

Analyst 207
Developer workstation with laptop, terminal, and papers on a clean desk.

Amazon AI Coding Tool Exposes Cloud Credentials to Malicious Git Repos

A security vulnerability in Amazon's AI coding assistant, tracked as CVE-2026-12957, allowed malicious Git repositories to access sensitive cloud credentials, raising concerns about informed consent and user security. The flaw enabled automatic execution of commands with no user prompt required.

Analyst 207
Developer workstation with IDE open, laptop screen showing code, and terminal in background.

Amazon Q Developer Flaw Lets Malicious Repos Run Code via MCP Configs

A high-severity flaw in Amazon Q Developer, tracked as CVE-2026-12957, allowed malicious repositories to run commands and steal cloud credentials simply by being opened in an IDE. This vulnerability put developers at risk of having their sensitive AWS keys, cloud CLI tokens, and API secrets compromised.

Analyst 207
Network operations environment with servers, routers, and cables, showing a data stream being intercepted.

Cloud Providers' Global Namespace Flaw Enables Bucket Hijacking

A newly discovered flaw in cloud providers' global namespace has been exploited in a simple yet powerful bucket hijacking technique, allowing attackers to redirect sensitive data streams into their own accounts. This alarming vulnerability affects multiple services across major cloud providers.

Analyst 207
A sleek workstation with a laptop and futuristic devices on a neutral surface in a bright tech lab setting.

AWS Unveils AI-Powered Platform to Streamline Vulnerability Management

Discover and remediate code vulnerabilities with ease using AWS Continuum, a game-changing platform that streamlines vulnerability management with AI-powered recommendations and automated remediation. With Continuum, you can gain confidence in your security posture and automate fixes based on your own risk profiles and priorities.

Analyst 207
Brightly-lit tech headquarters with a hint of concern, daylight shining through a large window and blurred computer screens…

Salesforce Disables Klue App Over OAuth Token Abuse

Salesforce has taken swift action to protect its customers by disabling the Klue Battlecards app integration after detecting unusual activity that may have led to unauthorized access to some customer data. This move ensures the security of the Salesforce platform, which remains unaffected by a vulnerability.

Analyst 207
Business professional looks concerned while holding laptop amidst scattered papers and office supplies.

Microsoft 365 Exposes Data Protection Gaps for Businesses

Microsoft 365 is a powerhouse for productivity, but it leaves data protection gaps that put businesses at risk. The harsh reality is that while Microsoft safeguards its infrastructure, the responsibility of protecting your business data - including backups and recovery - falls squarely on your shoulders.

Analyst 207
Blurred laptop screen on a cluttered office desk with subtle signs of disarray.

Account Takeovers Rise as Complexity Exposes Identity Vulnerabilities

As attackers increasingly target identities rather than infrastructure, account takeovers are on the rise - and with 22% of breaches involving credential abuse, it's clear that traditional username-and-password security just isn't cutting it. The explosion of identities across cloud services, SaaS apps, and remote environments has created a perfect storm of vulnerability.

Analyst 207
Technicians work in a brightly-lit data center with rows of servers and storage systems surrounded by cables and equipment.

Enterprise Data Uploads to AI Models Surge 93% in a Year

In just one year, enterprise data uploads to AI models have skyrocketed 93%, with a staggering 18,033 terabytes of data - equivalent to 3.6 billion digital photos - being transferred to AI and machine learning applications. This massive surge raises serious concerns about data breaches and cyber espionage.

Analyst 207
Rows of storage servers and networking equipment in a large data center.

Google Vertex AI SDK Flaw Exposes Model Uploads to Hijacking

A newly discovered flaw in the Google Vertex AI SDK for Python left model uploads vulnerable to hijacking, allowing attackers to swap models and execute code within Google's serving infrastructure in a matter of seconds. This vulnerability, found by Palo Alto Networks Unit 42, could be exploited in just 2.5 seconds - a window of opportunity for attackers to wreak havoc.

Analyst 207
Server room with rows of computer servers and a single, highlighted vulnerable system.

Google Cloud Vertex AI Vulnerability Exposes Cross-Tenant RCE Risk

A recent vulnerability in Google Cloud's Vertex AI Python SDK left the door open for cross-tenant attacks, allowing hackers in separate projects to hijack model uploads and potentially execute malicious code remotely. This flaw was fortunately patched in version 1.148.0, released on April 15, 2026.

Analyst 207
Federal agency personnel walk through a data management room with rows of servers and networking gear.

Federal Agencies Pursue Secure AI With Data Clarity, Infrastructure Overhaul

The harsh reality is that most organizations are flying blind when it comes to their data, with little insight into what they have, where it's stored, or if it's properly secured. This knowledge gap is a major hurdle for federal agencies looking to harness the power of AI while keeping sensitive data safe.

Analyst 207
Laptop screen displays Microsoft 365 Copilot interface in office setting.

Microsoft 365 Copilot Flaw Exposes Sensitive Data to One-Click Attack

A single click on a seemingly trustworthy Microsoft link could have put sensitive information like emails, calendar details, and files at risk of being exposed to attackers, thanks to a flaw in Microsoft 365 Copilot Enterprise Search. This vulnerability, known as SearchLeak, highlights the importance of staying vigilant even with trusted sources.

Analyst 207
Laptop on office desk surrounded by papers and supplies with a blurred screen.

Microsoft 365 Copilot Exploited in 1-Click Data Theft Attack

A critical vulnerability in Microsoft 365 Copilot Enterprise, known as SearchLeak, could be exploited with just one click to steal sensitive data from mailboxes, OneDrive, and SharePoint. Fortunately, Microsoft has patched the flaw, CVE-2026-42824, and no user action is required to stay safe.

Analyst 207
Dimly lit, cluttered table with scattered computers and laptops in a cramped underground setting.

Dark Web Exposes Early Warning Signs of Supply-Chain Attacks

Attackers are quietly buying and selling access to trusted integrations, developer accounts, and unattended credentials on the dark web, revealing early warning signs of supply-chain attacks. Monitoring underground forums for these subtle signals can help flag potential risks long before a breach makes headlines.

Analyst 207
Rows of servers and storage systems in a cloud data center or server room.

Attackers Target Cloud Logging Services for Defense Evasion and Continuous Visibility

Cloud logging services, like AWS CloudTrail and Google Cloud Logging, are a treasure trove of insights into your cloud environment - but they're also a prime target for attackers looking to erase their tracks or gain continuous visibility into your operations. By manipulating these services, adversaries can create persistent blind spots that leave you vulnerable.

Analyst 207
Modern office workstation with laptop and computer setup amidst blurred server room equipment.

ServiceNow Warns of Flaw Exploited for Unauthorized Access

ServiceNow has issued a security update to fix a flaw that could allow unauthorized users to gain excessive access to customer instances, and the company is urging users to take action to protect their systems. The update was applied to hosted customer instances on June 5, 2026.

Analyst 207
Rows of computer servers and networking equipment in a brightly-lit data center.

ServiceNow Security Incident Exposes Customer Data via API Flaw

ServiceNow recently patched a critical API flaw that allowed attackers to access sensitive customer data, but not before detecting anomalous activity that hinted at a broader intrusion. The company quietly alerted affected customers through a discreet support bulletin and direct outreach.

Analyst 207
Technician inspects network infrastructure, highlighting hidden gaps in security tools.

Security Teams Grapple with Hidden Risk in Network Tool Gaps

Despite having unparalleled visibility, many organizations are struggling with a hidden risk - the manual, time-consuming, and error-prone work that happens between their network security tools, from alert validation to change implementation. This operational gap is where security teams lose efficiency and invite vulnerabilities.

Analyst 207
GitHub office interior with developer workstation, server racks, and city view.

GitHub Disrupts Microsoft Repos Amid Suspected Worm Infections

GitHub took drastic action, removing over 70 Microsoft repositories and disrupting critical code pipelines, after detecting suspected worm infections. This swift move has left many automated builds and deployments in limbo.

Analyst 207
Security analysts work at a large workstation surrounded by screens displaying data visualizations and threat maps.

Wazuh Cloud Tackles Security Ops Complexity With AI-Driven Analysis

Tired of drowning in security ops complexity? Wazuh Cloud simplifies threat detection and response with AI-driven analysis, freeing you from infrastructure headaches and empowering you to stay ahead of evolving threats like ransomware and supply chain attacks.

Analyst 207
Person working on laptop in minimalist office with blurred screen, focused expression.

OpenAI Bolsters ChatGPT with Lockdown Mode to Curb Data Exfiltration Risks

OpenAI is stepping up ChatGPT's security game with Lockdown Mode, a powerful setting that limits connections to the web and external services to prevent data exfiltration - a game-changer for those handling sensitive information. This advanced feature is now rolling out to eligible accounts, offering stricter protection guarantees.

Analyst 207