Tag: cloud security
258 articles

Akamai Bolsters AI Browser Security with $205M LayerX Acquisition
Akamai is taking browser security to the next level with its $205 million acquisition of LayerX, a cutting-edge startup that's changing the game with its innovative approach to securing interactions between users and applications. By integrating LayerX's technology, Akamai is bolstering its security stack to protect the increasingly AI-driven and cloud-based world.

Enterprises Lag in Securing Autonomous AI Agents
Most organizations are struggling to keep pace with the rapid evolution of autonomous AI agents, which can introduce new risks and behaviors at machine speed. As these agents increasingly handle sensitive data, enterprises face a pressing need to update their security strategies and tools to mitigate the emerging threats of shadow AI and over-permissioned agents.

AWS Discloses Flaw in Quick Access Control
AWS swiftly addressed a security flaw in Quick Access, discovered by Fog Security, which could have allowed unauthorized users to bypass access controls, and fortunately, no customer data was compromised. The issue was resolved in March 2026, with no action required from customers.

Claude Code Attack Persists Through Token Rotation Flaw
A surprising lack of resistance to a proof-of-concept attack has exposed a vulnerability in Claude Code, allowing a five-step attack chain that can turn routine token rotation into a continuous compromise. This exploit requires just one malicious npm package and the ability to run code on a developer's machine, making it a concerning threat.

Security Teams Overlook AI-Enabled Threats in Cloud Risk Management
Cyber threats are evolving at an alarming rate, with AI-enabled attackers now launching faster and more sophisticated attacks on cloud and hybrid environments. Security teams must stay vigilant against emerging threats like AI-driven phishing, malware, and credential compromise.

SAP Patches Critical Flaws in Commerce Cloud and S/4HANA
SAP has patched a critical vulnerability in its Commerce Cloud and S/4HANA systems, warning that hackers could exploit the flaw to upload malicious code and take control of the application. This security gap, caused by a misconfigured Spring Security setup, put sensitive data and system integrity at risk.

Security Teams Overlook AI-Driven Threats in Cloud Risk Management
Stay ahead of the threats: are you managing cloud risk effectively, or is it still siloed and vulnerable to AI-driven attacks? Recent research from Google Threat Intelligence Group reveals a new wave of AI-augmented operations that are scaling and accelerating compromises.

AI-Driven Attacks Infiltrate Cloud Environments, Exposing Hidden Risks
New AI-driven threats are rapidly exploiting cloud security gaps, making it vital for teams to adopt a proactive, holistic approach to risk reduction to safeguard critical assets and data. Stay ahead of adversaries by understanding how they're weaponizing cloud vulnerabilities at alarming speed.

PCPJack Disrupts TeamPCP's Cloud Footprint with Credential Theft
Meet PCPJack, a sneaky new credential theft framework that's wreaking havoc on TeamPCP's cloud operations by stealing sensitive credentials and clearing out the competition. This malicious tool is quietly moving through cloud environments, leaving a trail of compromised systems in its wake.

WatchGuard Bolsters Cloud Security With Perimeters Acquisition
WatchGuard's acquisition of Perimeters is a strategic move to supercharge its cloud security offerings, driven by a personal endorsement from its CISO who fell in love with Perimeters' technology. This exciting purchase brings Perimeters' innovative cloud application security solutions into WatchGuard's portfolio.

Firewalls Evolve to Bolster Zero Trust, Cloud Security
As organisations navigate the complexities of multi-cloud estates, modern cloud firewalls are emerging as a crucial linchpin for reclaiming coherent security controls and mastering cloud networking. They're not old tech, but a vital tool for cloud architects and security pros to enforce robust, zero-trust security across multiple providers.

PCPJack Credential Stealer Exploits CVEs to Spread Across Cloud Systems
Meet PCPJack, a sneaky credential stealer that's exploiting vulnerabilities to spread rapidly across cloud systems, swiping sensitive info from services like cloud, finance, and productivity tools. Its operators are after one thing: illicit financial gain.

PCPJack Worm Targets Cloud Infrastructure, Steals Credentials
A fresh malware campaign, dubbed PCPJack, is targeting cloud infrastructure, stealing credentials and wreaking havoc on Linux-based systems with a sophisticated framework that installs hidden working directories and establishes persistence. This alarming attack bears striking similarities to earlier TeamPCP/PCPCat campaigns, raising concerns about its potential impact.

Legacy Security Tools Hinder Data Protection Efforts
With data constantly moving across cloud and AI environments, traditional security tools are holding you back from truly protecting your data - it's time for a modern approach. A staggering 72% of security professionals agree that data security is more critical than ever, making an evolution in strategy urgent.

Quasar Linux Malware Targets Developers with Stealthy Implant
Meet Quasar Linux, a sneaky new malware targeting developers with a potent blend of stealth, persistence, and credential theft capabilities that can compromise software supply chains. This Linux implant is quietly infiltrating dev and DevOps environments, putting cloud toolchains at risk.

AI-Driven Attacks Infiltrate Cloud Environments
Stay ahead of the threats: as AI-driven attacks infiltrate cloud environments, it's crucial to adopt a proactive, holistic approach to risk reduction and protect your critical assets and data. Google Cloud and XM Cyber warn that understanding how attackers move laterally throughout your network is key to safeguarding against emerging AI-driven threats.

AI Drives Shift to Continuous Penetration Testing in Cloud Environments
The AI revolution is transforming technology like never before, and Evinova is at the forefront, shifting from annual penetration testing to continuous security validation to safeguard its cloud-native healthcare software. This bold move replaces traditional point-in-time assessments with ongoing validation, ensuring rock-solid security for its customers.

Microsoft Fixes Entra ID Flaw That Enabled Service Principal Takeovers
Microsoft has patched a vulnerability in Entra ID that allowed hackers to hijack service principals, potentially leading to full takeover of sensitive systems. A security researcher discovered the flaw, which stemmed from overly broad permissions in the Agent ID Administrator role.

ADT Confirms Cyber Intrusion After ShinyHunters Extortion Attempt
ADT confirmed a cyber intrusion on April 20, swiftly isolating the breach and collaborating with incident responders and law enforcement to contain the damage. The compromised data included sensitive information like names, phone numbers, and addresses, as well as dates of birth and partial Social Security numbers for a smaller subset of individuals.

Mandiant VP Warns of Resurgent Cybersecurity Risks in AI Deployments
As organizations rush to adopt AI, they're reviving long-standing cybersecurity failures, warns Mandiant VP Jurgen Kutscher, who urges a focus on basic security controls over new AI-specific threats. Neglecting these fundamentals leaves AI-enabled environments vulnerable to measurable operational weaknesses.

LMDeploy Vulnerability Exploited Within 13 Hours of Disclosure
A critical vulnerability in LMDeploy's vision-language module was exploited in the wild just 13 hours after its disclosure, allowing attackers to access sensitive resources and internal networks. This server-side request forgery flaw, tracked as CVE-2026-33626, affects all versions of the toolkit prior to 0.12.0.

Google Bets on General AI Models for Cybersecurity Needs
Google Cloud is shaking up its approach to cybersecurity by betting on its general AI model, Gemini, to tackle security needs, rather than developing a separate, cyber-focused model. This bold move is based on the impressive performance of Gemini across various domains, including coding and security.

AI Targets Cloud Environments With Autonomous Attacks
Imagine a future where AI launches devastating cloud attacks with minimal human intervention - a threat that's no longer theoretical, but a harsh reality as demonstrated by a recent state-sponsored espionage campaign where AI executed 80-90% of the attack autonomously. Palo Alto Networks' Unit 42 has taken this threat to the next level by building a proof-of-concept AI model called Zealot that can execute end-to-end cloud attacks.

Flaws in Hybrid Cloud Tools Expose Dual Attack Surfaces
Researchers have uncovered four vulnerabilities in Microsoft's Windows Admin Center, exposing a dual attack surface in hybrid cloud tools that may be flying under your radar. If left unmonitored, this unmanaged attack surface can leave your organization vulnerable to potential threats.