cloud security

Attackers compromised ALL SonicWall firewall configuration backup files

2025-10-09 at 15:41 By Zeljka Zorz

The attackers who brute-forced their way into SonicWall’s firewall cloud backup service accessed configuration backup files of all customers who have used the service, SonicWall stated on Wednesday, following the conclusion of a Mandiant-supported investigation into the incident. Early reports suggested […]


Critical Vulnerability Puts 60,000 Redis Servers at Risk of Exploitation

2025-10-07 at 11:32 By Ionut Arghire

Authenticated attackers can exploit the security flaw to trigger a use-after-free and potentially execute arbitrary code. The post Critical Vulnerability Puts 60,000 Redis Servers at Risk of Exploitation appeared first on SecurityWeek. This article is an excerpt from SecurityWeek


$4.5 Million Offered in New Cloud Hacking Competition

2025-10-06 at 12:53 By Eduard Kovacs

Wiz has teamed up with Microsoft, Google and AWS and is inviting cloud security researchers to its Zeroday.Cloud competition. The post $4.5 Million Offered in New Cloud Hacking Competition appeared first on SecurityWeek. This article is an excerpt from SecurityWeek


Checkov: Open-source static code analysis tool

2025-10-02 at 09:18 By Sinisa Markovic

Checkov is an open-source tool designed to help teams secure their cloud infrastructure and code. At its core, it’s a static code analysis tool for infrastructure as code (IaC), but it also goes a step further by providing software composition analysis (SCA) for


Battering RAM Attack Breaks Intel and AMD Security Tech With $50 Device

2025-10-01 at 13:36 By Eduard Kovacs

Intel and AMD say the research is not in scope of their threat model because the attack requires physical access to a device. The post Battering RAM Attack Breaks Intel and AMD Security Tech With $50 Device


CSA Unveils SaaS Security Controls Framework to Ease Complexity

2025-09-25 at 15:33 By Kevin Townsend

New framework from the Cloud Security Alliance helps SaaS customers navigate the shared responsibility model with confidence. The post CSA Unveils SaaS Security Controls Framework to Ease Complexity appeared first on SecurityWeek. This article is an excerpt from SecurityWeek


New framework sets baseline for SaaS security controls

2025-09-25 at 10:12 By Anamarija Pogorelec

Managing security across dozens or even hundreds of SaaS apps has become a major headache. Each tool has its own settings, permissions, and logs, and most third-party risk processes only look at the vendor’s overall security, not the app itself. That


All Microsoft Entra Tenants Were Exposed to Silent Compromise via Invisible Actor Tokens: Researcher

2025-09-23 at 16:05 By Kevin Townsend

The strength of responsible disclosure is that it can solve problems before they are actioned. The weakness is that it potentially generates a false sense of security in the vendor. The post All Microsoft Entra


Researchers Earn $150,000 for L1TF Exploit Leaking Data From Public Cloud

2025-09-22 at 15:59 By Ionut Arghire

L1TF Reloaded is a vulnerability combining the old L1TF and half-Spectre hardware flaws to bypass deployed software mitigations. The post Researchers Earn $150,000 for L1TF Exploit Leaking Data From Public Cloud appeared first on SecurityWeek. This article is


VMScape: Academics Break Cloud Isolation With New Spectre Attack

2025-09-12 at 14:01 By Ionut Arghire

Exploiting incomplete speculative execution attack mitigations extended to the branch predictor state, VMScape leaks arbitrary memory. The post VMScape: Academics Break Cloud Isolation With New Spectre Attack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek


Amazon Disrupts Russian Hacking Campaign Targeting Microsoft Users

2025-09-02 at 15:21 By Ionut Arghire

The Midnight Blizzard cyberspies used compromised websites to trick users into authorizing devices they controlled. The post Amazon Disrupts Russian Hacking Campaign Targeting Microsoft Users appeared first on SecurityWeek. This article is an excerpt from SecurityWeek


Ransomware Group Exploits Hybrid Cloud Gaps, Gains Full Azure Control in Enterprise Attacks

2025-08-29 at 16:25 By Ionut Arghire

Storm-0501 has been leveraging cloud-native capabilities for data exfiltration and deletion, without deploying file-encrypting malware. The post Ransomware Group Exploits Hybrid Cloud Gaps, Gains Full Azure Control in Enterprise Attacks appeared first on SecurityWeek. This article


Hundreds of Salesforce customer orgs hit in clever attack with potentially huge blast radius

2025-08-27 at 17:47 By Zeljka Zorz

A threat group Google tracks as UNC6395 has pilfered troves of data from Salesforce corporate instances, in search of credentials that can be used to compromise those organizations’ environments. “[Google Threat Intelligence Group] observed UNC6395


Docker Desktop Vulnerability Leads to Host Compromise

2025-08-26 at 14:34 By Ionut Arghire

A critical vulnerability in Docker Desktop allows attackers to modify the filesystem of Windows hosts to become administrators. The post Docker Desktop Vulnerability Leads to Host Compromise appeared first on SecurityWeek. This article is an excerpt from SecurityWeek


Chinese Silk Typhoon Hackers Exploited Commvault Zero-Day

2025-08-22 at 16:45 By Ionut Arghire

Silk Typhoon was seen exploiting Citrix NetScaler and Commvault vulnerabilities for initial access to victim systems. The post Chinese Silk Typhoon Hackers Exploited Commvault Zero-Day appeared first on SecurityWeek. This article is an excerpt from SecurityWeek


AWS Trusted Advisor Tricked Into Showing Unprotected S3 Buckets as Secure

2025-08-22 at 12:22 By Eduard Kovacs

AWS has addressed a vulnerability that could have been leveraged to bypass Trusted Advisor’s S3 bucket permissions check. The post AWS Trusted Advisor Tricked Into Showing Unprotected S3 Buckets as Secure appeared first on SecurityWeek. This article is


DevOps in the cloud and what is putting your data at risk

2025-08-22 at 07:33 By Help Net Security

In this Help Net Security video, Greg Bak, Head of Product Enablement at GitProtect, walks through some of the biggest security risks DevOps teams are dealing with. He covers how AI tools can introduce vulnerabilities, including


AWS Trusted Advisor flaw allowed public S3 buckets to go unflagged

2025-08-21 at 14:38 By Zeljka Zorz

AWS’s Trusted Advisor tool, which is supposed to warn customers if their (cloud) S3 storage buckets are publicly exposed, could be “tricked” into reporting them as not exposed when they actually are, Fog Security researchers have found. S3


CISOs need to think about risks before rushing into AI

2025-08-21 at 07:02 By Anamarija Pogorelec

Organizations are increasing investments in cloud, AI, and emerging technologies, but their infrastructure and security strategies often lag behind. A recent Unisys survey of 1,000 senior executives shows that business and IT leaders are not always aligned on what


AWS CISO explains how cloud-native security scales with your business

2025-08-13 at 09:01 By Mirko Zorz

In this Help Net Security interview, Amy Herzog, CISO at AWS, discusses how cloud-native security enables scalable, flexible protection that aligns with how teams build in the cloud. She explains the Shared Responsibility Model and the tools and processes
