cloud security

New Attack Targets DDR5 Memory to Steal Keys From Intel and AMD TEEs 

Amd, cloud security, confidential computing, CPU vulnerability, Featured, Intel, TEE, TEE.fail /

New Attack Targets DDR5 Memory to Steal Keys From Intel and AMD TEEs  2025-10-29 at 10:23 By Eduard Kovacs Intel and AMD have published advisories after academics disclosed details of the new TEE.fail attack method. The post New Attack Targets DDR5 Memory to Steal Keys From Intel and AMD TEEs  appeared first on SecurityWeek. This […]

React to this headline:

Loading spinner

New Attack Targets DDR5 Memory to Steal Keys From Intel and AMD TEEs  Read More »

What Microsoft’s 2025 report reveals about the new rules of engagement in cyberdefense

Artificial Intelligence, cloud security, cybersecurity, identity management, Microsoft, News, Ransomware, report, threats /

What Microsoft’s 2025 report reveals about the new rules of engagement in cyberdefense 2025-10-24 at 10:42 By Anamarija Pogorelec Adversaries are using AI to sharpen attacks, automate operations, and challenge long-standing defenses, according to a new Microsoft report. Researchers describe a year in which criminal and state-backed actors blurred the lines between cybercrime, espionage, and

React to this headline:

Loading spinner

What Microsoft’s 2025 report reveals about the new rules of engagement in cyberdefense Read More »

Attackers target retailers’ gift card systems using cloud-only techniques

cloud security, Don't miss, Hot stuff, Microsoft 365, News, Palo Alto Networks, Retail, spear-phishing /

Attackers target retailers’ gift card systems using cloud-only techniques 2025-10-22 at 17:12 By Zeljka Zorz A newly uncovered attack campaign mounted by suspected Morocco-based attackers has been hitting global retailers and other businesses issuing gift cards. What makes this campaign stand out is how the threat actors avoid typical malware techniques and endpoint hacking and

React to this headline:

Loading spinner

Attackers target retailers’ gift card systems using cloud-only techniques Read More »

Attackers turn trusted OAuth apps into cloud backdoors

attack tools, automation, cloud security, Don't miss, enterprise, Hot stuff, Microsoft Entra ID, News, OAuth, privileged accounts, Proofpoint /

Attackers turn trusted OAuth apps into cloud backdoors 2025-10-22 at 15:43 By Zeljka Zorz Attackers are increasingly abusing internal OAuth-based applications to gain persistent access to cloud environments, Proofpoint researchers warn. These apps often remain unnoticed for quite some time and allow attackers to maintain access to high-privileged accounts even after passwords are reset or

React to this headline:

Loading spinner

Attackers turn trusted OAuth apps into cloud backdoors Read More »

RMPocalypse: New Attack Breaks AMD Confidential Computing

Amd, AMD-SEV, cloud security, CPU, CPU attack, CPU vulnerability, RMPocalypse /

RMPocalypse: New Attack Breaks AMD Confidential Computing 2025-10-14 at 14:08 By Ionut Arghire A vulnerability in RMP initialization allows the AMD processor’s x86 cores to maliciously control parts of the initial RMP state. The post RMPocalypse: New Attack Breaks AMD Confidential Computing appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

React to this headline:

Loading spinner

RMPocalypse: New Attack Breaks AMD Confidential Computing Read More »

Attackers compromised ALL SonicWall firewall configuration backup files

backup, cloud security, Don't miss, enterprise, firewall, Hot stuff, Mandiant, News, SMBs, SonicWall /

Attackers compromised ALL SonicWall firewall configuration backup files 2025-10-09 at 15:41 By Zeljka Zorz The attackers who brute-forced their way into SonicWall’s firewall cloud backup service accessed configuration backup files of all customers who have used the service, SonicWall stated on Wednesday, following the conclusion of a Mandiant-supported investigation into the incident. Early reports suggested

React to this headline:

Loading spinner

Attackers compromised ALL SonicWall firewall configuration backup files Read More »

Critical Vulnerability Puts 60,000 Redis Servers at Risk of Exploitation

cloud security, Redis /

Critical Vulnerability Puts 60,000 Redis Servers at Risk of Exploitation 2025-10-07 at 11:32 By Ionut Arghire Authenticated attackers can exploit the security flaw to trigger a use-after-free and potentially execute arbitrary code. The post Critical Vulnerability Puts 60,000 Redis Servers at Risk of Exploitation appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Loading spinner

Critical Vulnerability Puts 60,000 Redis Servers at Risk of Exploitation Read More »

$4.5 Million Offered in New Cloud Hacking Competition

bug bounty, cloud security, exploits, hacking competition, Wiz, Zeroday.Cloud /

$4.5 Million Offered in New Cloud Hacking Competition 2025-10-06 at 12:53 By Eduard Kovacs Wiz has teamed up with Microsoft, Google and AWS and is inviting cloud security researchers to its Zeroday.Cloud competition. The post $4.5 Million Offered in New Cloud Hacking Competition appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

React to this headline:

Loading spinner

$4.5 Million Offered in New Cloud Hacking Competition Read More »

Chekov: Open-source static code analysis tool

cloud security, code analysis, cybersecurity, Don't miss, GitHub, News, open source, software /

Chekov: Open-source static code analysis tool 2025-10-02 at 09:18 By Sinisa Markovic Checkov is an open-source tool designed to help teams secure their cloud infrastructure and code. At its core, it’s a static code analysis tool for infrastructure as code (IaC), but it also goes a step further by providing software composition analysis (SCA) for

React to this headline:

Loading spinner

Chekov: Open-source static code analysis tool Read More »

Battering RAM Attack Breaks Intel and AMD Security Tech With $50 Device

Amd, Battering RAM, cloud security, CPU attack, DDR4, DRAM., Intel /

Battering RAM Attack Breaks Intel and AMD Security Tech With $50 Device 2025-10-01 at 13:36 By Eduard Kovacs Intel and AMD say the research is not in scope of their threat model because the attack requires physical access to a device. The post Battering RAM Attack Breaks Intel and AMD Security Tech With $50 Device

React to this headline:

Loading spinner

Battering RAM Attack Breaks Intel and AMD Security Tech With $50 Device Read More »

CSA Unveils SaaS Security Controls Framework to Ease Complexity

Cloud, cloud security, framework, SaaS, Security Infrastructure /

CSA Unveils SaaS Security Controls Framework to Ease Complexity 2025-09-25 at 15:33 By Kevin Townsend New framework from the Cloud Security Alliance helps SaaS customers navigate the shared responsibility model with confidence. The post CSA Unveils SaaS Security Controls Framework to Ease Complexity appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

React to this headline:

Loading spinner

CSA Unveils SaaS Security Controls Framework to Ease Complexity Read More »

New framework sets baseline for SaaS security controls

AppOmni, cloud security, Cloud Security Alliance, enterprise, framework, GuidePoint Security, MongoDB, News, SaaS /

New framework sets baseline for SaaS security controls 2025-09-25 at 10:12 By Anamarija Pogorelec Managing security across dozens or even hundreds of SaaS apps has become a major headache. Each tool has its own settings, permissions, and logs, and most third-party risk processes only look at the vendor’s overall security, not the app itself. That

React to this headline:

Loading spinner

New framework sets baseline for SaaS security controls Read More »

All Microsoft Entra Tenants Were Exposed to Silent Compromise via Invisible Actor Tokens: Researcher

cloud security, Entra, Microsoft, Microsoft Entra, patch /

All Microsoft Entra Tenants Were Exposed to Silent Compromise via Invisible Actor Tokens: Researcher 2025-09-23 at 16:05 By Kevin Townsend The strength of responsible disclosure is that it can solve problems before they are actioned. The weakness is that it potentially generates a false sense of security in the vendor. The post All Microsoft Entra

React to this headline:

Loading spinner

All Microsoft Entra Tenants Were Exposed to Silent Compromise via Invisible Actor Tokens: Researcher Read More »

Researchers Earn $150,000 for L1TF Exploit Leaking Data From Public Cloud

bug bounty, cloud security, CPU, Foreshadow, Google, L1TF, Spectre /

Researchers Earn $150,000 for L1TF Exploit Leaking Data From Public Cloud 2025-09-22 at 15:59 By Ionut Arghire L1TF Reloaded is a vulnerability combining the old L1TF and half-Spectre hardware flaws to bypass deployed software mitigations. The post Researchers Earn $150,000 for L1TF Exploit Leaking Data From Public Cloud appeared first on SecurityWeek. This article is

React to this headline:

Loading spinner

Researchers Earn $150,000 for L1TF Exploit Leaking Data From Public Cloud Read More »

VMScape: Academics Break Cloud Isolation With New Spectre Attack

cloud security, CPU vulnerability, Spectre, VM /

VMScape: Academics Break Cloud Isolation With New Spectre Attack 2025-09-12 at 14:01 By Ionut Arghire Exploiting incomplete speculative execution attack mitigations extended to the branch predictor state, VMScape leaks arbitrary memory. The post VMScape: Academics Break Cloud Isolation With New Spectre Attack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

React to this headline:

Loading spinner

VMScape: Academics Break Cloud Isolation With New Spectre Attack Read More »

Amazon Disrupts Russian Hacking Campaign Targeting Microsoft Users

APT29, cloud security, Cozy Bear, Identity & Access, Midnight Blizzard, Russia /

Amazon Disrupts Russian Hacking Campaign Targeting Microsoft Users 2025-09-02 at 15:21 By Ionut Arghire The Midnight Blizzard cyberspies used compromised websites to trick users into authorizing devices they controlled. The post Amazon Disrupts Russian Hacking Campaign Targeting Microsoft Users appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React to

React to this headline:

Loading spinner

Amazon Disrupts Russian Hacking Campaign Targeting Microsoft Users Read More »

Ransomware Group Exploits Hybrid Cloud Gaps, Gains Full Azure Control in Enterprise Attacks

Cloud, cloud security, Featured, Ransomware, Storm-0501 /

Ransomware Group Exploits Hybrid Cloud Gaps, Gains Full Azure Control in Enterprise Attacks 2025-08-29 at 16:25 By Ionut Arghire Storm-0501 has been leveraging cloud-native capabilities for data exfiltration and deletion, without deploying file-encrypting malware. The post Ransomware Group Exploits Hybrid Cloud Gaps, Gains Full Azure Control in Enterprise Attacks appeared first on SecurityWeek. This article

React to this headline:

Loading spinner

Ransomware Group Exploits Hybrid Cloud Gaps, Gains Full Azure Control in Enterprise Attacks Read More »

Hundreds of Salesforce customer orgs hit in clever attack with potentially huge blast radius

AppOmni, cloud security, credentials, data theft, Don't miss, Google, Hot stuff, News, OAuth, Salesforce, third party compromise /

Hundreds of Salesforce customer orgs hit in clever attack with potentially huge blast radius 2025-08-27 at 17:47 By Zeljka Zorz A threat group Google tracks as UNC6395 has pilfered troves of data from Salesforce corporate instances, in search of credentials that can be used to compromise those organizations’ environments. “[Google Threat Intelligence Group] observed UNC6395

React to this headline:

Loading spinner

Hundreds of Salesforce customer orgs hit in clever attack with potentially huge blast radius Read More »

Docker Desktop Vulnerability Leads to Host Compromise

cloud security, Docker, vulnerability /

Docker Desktop Vulnerability Leads to Host Compromise 2025-08-26 at 14:34 By Ionut Arghire A critical vulnerability in Docker Desktop allows attackers to modify the filesystem of Windows hosts to become administrators. The post Docker Desktop Vulnerability Leads to Host Compromise appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React

React to this headline:

Loading spinner

Docker Desktop Vulnerability Leads to Host Compromise Read More »

Chinese Silk Typhoon Hackers Exploited Commvault Zero-Day

China APT, cloud security, Commvault, Silk Typhoon, Zero-Day /

Chinese Silk Typhoon Hackers Exploited Commvault Zero-Day 2025-08-22 at 16:45 By Ionut Arghire Silk Typhoon was seen exploiting Citrix NetScaler and Commvault vulnerabilities for initial access to victim systems. The post Chinese Silk Typhoon Hackers Exploited Commvault Zero-Day appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React to this

React to this headline:

Loading spinner

Chinese Silk Typhoon Hackers Exploited Commvault Zero-Day Read More »

Scroll to Top