Skip to main content

Tag: cloud security

258 articles

Person working on laptop in modern office setting, conveying security and technology.

Akamai Bolsters AI Browser Security with $205M LayerX Acquisition

Akamai is taking browser security to the next level with its $205 million acquisition of LayerX, a cutting-edge startup that's changing the game with its innovative approach to securing interactions between users and applications. By integrating LayerX's technology, Akamai is bolstering its security stack to protect the increasingly AI-driven and cloud-based world.

Analyst 207
Dimly lit server room with a lone laptop displaying a brightly lit AI interface.

Enterprises Lag in Securing Autonomous AI Agents

Most organizations are struggling to keep pace with the rapid evolution of autonomous AI agents, which can introduce new risks and behaviors at machine speed. As these agents increasingly handle sensitive data, enterprises face a pressing need to update their security strategies and tools to mitigate the emerging threats of shadow AI and over-permissioned agents.

Analyst 207
Brightly-lit tech company headquarters with server room interior and security hint.

AWS Discloses Flaw in Quick Access Control

AWS swiftly addressed a security flaw in Quick Access, discovered by Fog Security, which could have allowed unauthorized users to bypass access controls, and fortunately, no customer data was compromised. The issue was resolved in March 2026, with no action required from customers.

Analyst 207
Developer workstation with laptop and office supplies in a bright, minimalist room.

Claude Code Attack Persists Through Token Rotation Flaw

A surprising lack of resistance to a proof-of-concept attack has exposed a vulnerability in Claude Code, allowing a five-step attack chain that can turn routine token rotation into a continuous compromise. This exploit requires just one malicious npm package and the ability to run code on a developer's machine, making it a concerning threat.

Analyst 207
Security practitioners overlook threats on a large computer screen in a brightly-lit cloud data center.

Security Teams Overlook AI-Enabled Threats in Cloud Risk Management

Cyber threats are evolving at an alarming rate, with AI-enabled attackers now launching faster and more sophisticated attacks on cloud and hybrid environments. Security teams must stay vigilant against emerging threats like AI-driven phishing, malware, and credential compromise.

Analyst 207
Rows of computer servers and storage equipment in a brightly-lit data center setting.

SAP Patches Critical Flaws in Commerce Cloud and S/4HANA

SAP has patched a critical vulnerability in its Commerce Cloud and S/4HANA systems, warning that hackers could exploit the flaw to upload malicious code and take control of the application. This security gap, caused by a misconfigured Spring Security setup, put sensitive data and system integrity at risk.

Analyst 207
Security professional stands before a cityscape window with looming digital threats.

Security Teams Overlook AI-Driven Threats in Cloud Risk Management

Stay ahead of the threats: are you managing cloud risk effectively, or is it still siloed and vulnerable to AI-driven attacks? Recent research from Google Threat Intelligence Group reveals a new wave of AI-augmented operations that are scaling and accelerating compromises.

Analyst 207
Rows of servers and storage systems in a neutral, institutional data center with a single figure in the foreground.

AI-Driven Attacks Infiltrate Cloud Environments, Exposing Hidden Risks

New AI-driven threats are rapidly exploiting cloud security gaps, making it vital for teams to adopt a proactive, holistic approach to risk reduction to safeguard critical assets and data. Stay ahead of adversaries by understanding how they're weaponizing cloud vulnerabilities at alarming speed.

Analyst 207
Server racks and cloud storage units in a data center with a hint of disruption.

PCPJack Disrupts TeamPCP's Cloud Footprint with Credential Theft

Meet PCPJack, a sneaky new credential theft framework that's wreaking havoc on TeamPCP's cloud operations by stealing sensitive credentials and clearing out the competition. This malicious tool is quietly moving through cloud environments, leaving a trail of compromised systems in its wake.

Analyst 207
Executive stands in front of large screen displaying cloud security interface in modern office setting.

WatchGuard Bolsters Cloud Security With Perimeters Acquisition

WatchGuard's acquisition of Perimeters is a strategic move to supercharge its cloud security offerings, driven by a personal endorsement from its CISO who fell in love with Perimeters' technology. This exciting purchase brings Perimeters' innovative cloud application security solutions into WatchGuard's portfolio.

Analyst 207
Modern network operations center with servers and equipment, featuring a prominent cloud firewall in the foreground.

Firewalls Evolve to Bolster Zero Trust, Cloud Security

As organisations navigate the complexities of multi-cloud estates, modern cloud firewalls are emerging as a crucial linchpin for reclaiming coherent security controls and mastering cloud networking. They're not old tech, but a vital tool for cloud architects and security pros to enforce robust, zero-trust security across multiple providers.

Analyst 207
Rows of computer servers and storage equipment in a neutral-colored data center with industrial flooring and cable…

PCPJack Credential Stealer Exploits CVEs to Spread Across Cloud Systems

Meet PCPJack, a sneaky credential stealer that's exploiting vulnerabilities to spread rapidly across cloud systems, swiping sensitive info from services like cloud, finance, and productivity tools. Its operators are after one thing: illicit financial gain.

Analyst 207
Rows of computer servers and storage equipment in a data center with a single unoccupied Linux terminal in the foreground.

PCPJack Worm Targets Cloud Infrastructure, Steals Credentials

A fresh malware campaign, dubbed PCPJack, is targeting cloud infrastructure, stealing credentials and wreaking havoc on Linux-based systems with a sophisticated framework that installs hidden working directories and establishes persistence. This alarming attack bears striking similarities to earlier TeamPCP/PCPCat campaigns, raising concerns about its potential impact.

Analyst 207
Professionals gather in front of a futuristic data center at a tech company headquarters.

Legacy Security Tools Hinder Data Protection Efforts

With data constantly moving across cloud and AI environments, traditional security tools are holding you back from truly protecting your data - it's time for a modern approach. A staggering 72% of security professionals agree that data security is more critical than ever, making an evolution in strategy urgent.

Analyst 207
Cluttered developer's workstation with laptop and tools in a softly lit open-plan office.

Quasar Linux Malware Targets Developers with Stealthy Implant

Meet Quasar Linux, a sneaky new malware targeting developers with a potent blend of stealth, persistence, and credential theft capabilities that can compromise software supply chains. This Linux implant is quietly infiltrating dev and DevOps environments, putting cloud toolchains at risk.

Analyst 207
Rows of servers and network equipment in a data center appear vulnerable with some areas blurred or out of focus.

AI-Driven Attacks Infiltrate Cloud Environments

Stay ahead of the threats: as AI-driven attacks infiltrate cloud environments, it's crucial to adopt a proactive, holistic approach to risk reduction and protect your critical assets and data. Google Cloud and XM Cyber warn that understanding how attackers move laterally throughout your network is key to safeguarding against emerging AI-driven threats.

Analyst 207
Security professional stands in front of rows of server racks and workstations in a modern data center.

AI Drives Shift to Continuous Penetration Testing in Cloud Environments

The AI revolution is transforming technology like never before, and Evinova is at the forefront, shifting from annual penetration testing to continuous security validation to safeguard its cloud-native healthcare software. This bold move replaces traditional point-in-time assessments with ongoing validation, ensuring rock-solid security for its customers.

Analyst 207
Security expert examines laptop in lab setting with tech equipment and AI hints.

Microsoft Fixes Entra ID Flaw That Enabled Service Principal Takeovers

Microsoft has patched a vulnerability in Entra ID that allowed hackers to hijack service principals, potentially leading to full takeover of sensitive systems. A security researcher discovered the flaw, which stemmed from overly broad permissions in the Agent ID Administrator role.

Analyst 207
Rows of server racks in a brightly-lit data center with equipment slightly askew, hinting at unauthorized access.

ADT Confirms Cyber Intrusion After ShinyHunters Extortion Attempt

ADT confirmed a cyber intrusion on April 20, swiftly isolating the breach and collaborating with incident responders and law enforcement to contain the damage. The compromised data included sensitive information like names, phone numbers, and addresses, as well as dates of birth and partial Social Security numbers for a smaller subset of individuals.

Analyst 207
Empty conference hall with podium and blurred laptop screen.

Mandiant VP Warns of Resurgent Cybersecurity Risks in AI Deployments

As organizations rush to adopt AI, they're reviving long-standing cybersecurity failures, warns Mandiant VP Jurgen Kutscher, who urges a focus on basic security controls over new AI-specific threats. Neglecting these fundamentals leaves AI-enabled environments vulnerable to measurable operational weaknesses.

Analyst 207
Rows of computer servers and networking equipment in a brightly-lit server room.

LMDeploy Vulnerability Exploited Within 13 Hours of Disclosure

A critical vulnerability in LMDeploy's vision-language module was exploited in the wild just 13 hours after its disclosure, allowing attackers to access sensitive resources and internal networks. This server-side request forgery flaw, tracked as CVE-2026-33626, affects all versions of the toolkit prior to 0.12.0.

Analyst 207
Futuristic cybersecurity workstation with laptop and high-tech equipment in a bright, minimalist setting.

Google Bets on General AI Models for Cybersecurity Needs

Google Cloud is shaking up its approach to cybersecurity by betting on its general AI model, Gemini, to tackle security needs, rather than developing a separate, cyber-focused model. This bold move is based on the impressive performance of Gemini across various domains, including coding and security.

Analyst 207
Rows of computer servers and networking equipment in a brightly-lit data center with a single laptop in the foreground.

AI Targets Cloud Environments With Autonomous Attacks

Imagine a future where AI launches devastating cloud attacks with minimal human intervention - a threat that's no longer theoretical, but a harsh reality as demonstrated by a recent state-sponsored espionage campaign where AI executed 80-90% of the attack autonomously. Palo Alto Networks' Unit 42 has taken this threat to the next level by building a proof-of-concept AI model called Zealot that can execute end-to-end cloud attacks.

Analyst 207
Hybrid cloud management interface with exposed sections on a laptop screen.

Flaws in Hybrid Cloud Tools Expose Dual Attack Surfaces

Researchers have uncovered four vulnerabilities in Microsoft's Windows Admin Center, exposing a dual attack surface in hybrid cloud tools that may be flying under your radar. If left unmonitored, this unmanaged attack surface can leave your organization vulnerable to potential threats.

Analyst 207