Tag: cloud services
125 articles

GitHub Phishing Kit Targets Mexican Banks via Cloud Services
A sneaky GitHub phishing kit called "GitBait" has been targeting customers of 12 Mexican banks for three years, cleverly using cloud services like GitHub Pages and Google Sheets to stay under the radar. This cunning operation relied on over 100 GitHub-hosted domains to steal credentials, making it a challenging case for investigators.

PCPJack Hijacks Cloud Servers for Covert SMTP Relay Network
Security firm Hunt.io uncovered a sneaky operation where hackers known as PCPJack hijacked cloud servers worldwide, turning them into secret SMTP relays that pumped out spam every five minutes. The stolen servers, found in major cloud platforms like AWS, Google Cloud, and Azure, were quietly converted into spam-spewing machines.

Microsoft Exchange Online Disrupts Email Services Across North America, Germany
Microsoft Exchange Online is currently experiencing a widespread outage, causing significant delays in sending and receiving emails across North America and Germany, with some messages remaining undelivered for over an hour. The issue was detected at 10:33 a.m. EDT and is being actively investigated by the company.

Red Hat npm Packages Compromised in Supply-Chain Attack
A recent supply-chain attack compromised 32 Red Hat npm packages, affecting 117,000 weekly downloads, after attackers backdoored 96 package versions under the @redhat-cloud-services namespace. The breach occurred when a Red Hat employee's GitHub account was compromised, allowing malicious commits to be pushed.

Microsoft Probes Office Apps, Teams File Access Outage
Microsoft is currently investigating an issue that's preventing some users from accessing files in Office for the web and Microsoft Teams, with affected users seeing an error message stating that Office Online services are temporarily unavailable. The company is working to restore services as soon as possible.

Microsoft Resolves MFA, MySignIn Outage After Infrastructure Failover
Microsoft quickly sprang into action to resolve a widespread outage that left some users unable to set up multi-factor authentication or access their accounts on My Sign-Ins. The issue, marked by 504 Gateway Timeout errors, was confirmed around 5:00 AM ET and swiftly addressed with an infrastructure failover.

KongTuke Hackers Exploit Microsoft Teams for Rapid Corporate Breaches
KongTuke hackers have found a lightning-fast way to breach corporations, exploiting Microsoft Teams to go from initial contact to persistent foothold in under five minutes. This alarming new tactic is part of KongTuke's evolving social engineering toolkit, complementing its previous web-based attacks.

Vietnam to Build Domestic Cloud to Bolster Data Sovereignty
Vietnam is taking a major step towards securing its digital future by building a domestic cloud infrastructure, aiming to safeguard national data and reduce reliance on foreign cloud services by 2030. This move will bolster data sovereignty, enhance cybersecurity, and drive the country's digital transformation.

Small Businesses Exposed to Growing Cyber Threats Without Cybersecurity Leadership
Small businesses are playing with fire, exposing themselves to devastating cyberattacks that can cost over $250,000 - a staggering amount that's roughly equivalent to the salary of a chief information security officer (CISO). By not investing in cybersecurity leadership, they're essentially rolling the dice against increasingly automated threats.

Phishing Attacks Exploit Amazon SES to Evade Detection
Kaspersky researchers have uncovered a surge in phishing attacks that cleverly exploit Amazon's trusted email service to evade detection. By using valid Amazon SES credentials, attackers can send convincing phishing messages that slip past standard security checks.

Attackers Exploit Amazon SES to Bypass Email Security in Phishing Campaigns
Phishing campaigns are now using Amazon's Simple Email Service to make malicious messages look legit, bypassing standard email security checks and putting victims at risk of revealing sensitive data. By exploiting Amazon SES's trusted reputation and authentication features, attackers are making it harder to spot phishing emails.

Threat Actors Exploit Blind Spots Beyond Endpoint Defenses
Attackers are now moving at an alarming pace, taking data four times faster than in 2025, and exploiting the blind spots that an over-reliance on endpoint defenses creates. They're striking across multiple surfaces, from cloud services to remote users, to evade detection and get in and out quickly.

Vimeo Breach Exposes User Data After Anodot Hack
Vimeo users, be aware: a recent data breach at analytics company Anodot exposed some of your personal info, including video titles, metadata, and in some cases, email addresses. Fortunately, uploaded video content, account credentials, and payment card info remain safe.

Microsoft Probes Outlook.com Outage as Sign-in Failures Mount
Microsoft is investigating an Outlook.com outage that's causing sign-in failures and unexpected sign-outs for some users, citing possible issues with client sign-in scenarios. The company is working to identify the root cause, but hasn't yet shared details on the number of affected users or regions.

Microsoft Graph API Change Disrupts Universal Print Sharing
Microsoft revealed that a recent code change to the Microsoft Graph API caused a ripple effect, introducing a critical error that disrupted Universal Print sharing and left many users in a frustrating limbo. The error sparked a chain reaction, exposing a long-standing issue that prevented share operations from completing as expected.

EU Awards $213M Cloud Contract to Boost Digital Sovereignty
The European Union has taken a bold step towards digital independence with a $213 million cloud contract awarded to four European providers, marking a significant shift away from US tech dominance. This strategic move is set to bolster the EU's digital sovereignty.

Nation-State Hackers Exploit Cloud Services for Global Espionage
In the shadows of the digital world, nation-state hackers are quietly exploiting cloud services to orchestrate global cyber espionage - but how can organizations, governments, and individuals defend against threats they can't see? The hidden world of cyber espionage poses a daunting question: what's at stake when the invisible forces of cyber threats manipulate the systems we rely on?

Microsoft Grapples with Weeks-Long Exchange Online Mailbox Access Disruptions
Weeks of frustrating disruptions have left Outlook mobile and macOS users struggling to access their Exchange Online mailboxes, sparking a flurry of questions about reliability and resolution. Microsoft is actively investigating the issue, but for affected users, the wait for a fix continues.

Malware Strikes: Critical Wiper Attack Targets Iran
A new wave of malware has struck, targeting Iran with a destructive wiper attack that wipes data from infected systems, blurring the lines between cybercrime and cyberwarfare. This brazen threat, dubbed CanisterWorm, exploits weak cloud security to spread its digital destruction.

630M Passwords Stolen: Stunning, Alarming Credential Cost
Some 630 million passwords have been leaked to criminal marketplaces — a stark reminder that passwords are no longer sacred. Now’s the moment to stop reusing credentials, enable MFA, and push for faster detection and smarter defenses.

cyber risk management: Must-Have Best Legal Defense
Cyber incidents aren’t just IT headaches — they’re legal minefields that can trigger fines, lawsuits and boardroom liability. Align contracts, AI governance, vendor controls and BYOD policies so technical breaches don’t become costly legal crises.

Cyberattack Disrupts European Airports: Stunning Risk
When cyberattacks knocked critical systems offline at several European airports, flights were delayed, baggage and check‑in went manual, and security teams scrambled to contain the fallout. The disruption was a stark reminder that modern air travel depends as much on fragile networks as on runways — and those networks can ripple through safety, commerce and public confidence.

Linux rootkits: Stunning, Dangerous Threats
From F5 supply-chain compromises to stealthy Linux kernel rootkits and pixnapping of media, attackers are increasingly able to live unseen inside systems for months. Now more than ever, teams should treat vendor appliances as high-risk, elevate kernel-level detection, and assume breach to stop quiet, long-lived exfiltration.

email bomb campaigns: Exclusive Dangerous Zendesk Flaw
Imagine waking to hundreds of threatening emails that look like they came from companies you trust — attackers abused weak outbound authentication in Zendesk to launch hard-to-block email bomb campaigns, a wake-up call for vendors and customers to tighten SPF/DKIM/DMARC and stronger default protections now.