cloud security

Checkov: Open-source static code analysis tool

2025-10-02 at 09:18 By Sinisa Markovic Checkov is an open-source tool designed to help teams secure their cloud infrastructure and code. At its core, it’s a static code analysis tool for infrastructure as code (IaC), but it also goes a step further by providing software composition analysis (SCA) for […]

Battering RAM Attack Breaks Intel and AMD Security Tech With $50 Device

2025-10-01 at 13:36 By Eduard Kovacs Intel and AMD say the research is not in scope of their threat model because the attack requires physical access to a device.

CSA Unveils SaaS Security Controls Framework to Ease Complexity

2025-09-25 at 15:33 By Kevin Townsend New framework from the Cloud Security Alliance helps SaaS customers navigate the shared responsibility model with confidence. The post CSA Unveils SaaS Security Controls Framework to Ease Complexity appeared first on SecurityWeek.

New framework sets baseline for SaaS security controls

2025-09-25 at 10:12 By Anamarija Pogorelec Managing security across dozens or even hundreds of SaaS apps has become a major headache. Each tool has its own settings, permissions, and logs, and most third-party risk processes only look at the vendor’s overall security, not the app itself. That

All Microsoft Entra Tenants Were Exposed to Silent Compromise via Invisible Actor Tokens: Researcher

2025-09-23 at 16:05 By Kevin Townsend The strength of responsible disclosure is that it can solve problems before they are actioned. The weakness is that it potentially generates a false sense of security in the vendor.

Researchers Earn $150,000 for L1TF Exploit Leaking Data From Public Cloud

2025-09-22 at 15:59 By Ionut Arghire L1TF Reloaded is a vulnerability combining the old L1TF and half-Spectre hardware flaws to bypass deployed software mitigations. The post Researchers Earn $150,000 for L1TF Exploit Leaking Data From Public Cloud appeared first on SecurityWeek.

VMScape: Academics Break Cloud Isolation With New Spectre Attack

2025-09-12 at 14:01 By Ionut Arghire Exploiting incomplete speculative execution attack mitigations extended to the branch predictor state, VMScape leaks arbitrary memory. The post VMScape: Academics Break Cloud Isolation With New Spectre Attack appeared first on SecurityWeek.

Amazon Disrupts Russian Hacking Campaign Targeting Microsoft Users

2025-09-02 at 15:21 By Ionut Arghire The Midnight Blizzard cyberspies used compromised websites to trick users into authorizing devices they controlled. The post Amazon Disrupts Russian Hacking Campaign Targeting Microsoft Users appeared first on SecurityWeek.

Ransomware Group Exploits Hybrid Cloud Gaps, Gains Full Azure Control in Enterprise Attacks

2025-08-29 at 16:25 By Ionut Arghire Storm-0501 has been leveraging cloud-native capabilities for data exfiltration and deletion, without deploying file-encrypting malware. The post Ransomware Group Exploits Hybrid Cloud Gaps, Gains Full Azure Control in Enterprise Attacks appeared first on SecurityWeek.

Hundreds of Salesforce customer orgs hit in clever attack with potentially huge blast radius

2025-08-27 at 17:47 By Zeljka Zorz A threat group Google tracks as UNC6395 has pilfered troves of data from Salesforce corporate instances, in search of credentials that can be used to compromise those organizations’ environments. “[Google Threat Intelligence Group] observed UNC6395

Docker Desktop Vulnerability Leads to Host Compromise

2025-08-26 at 14:34 By Ionut Arghire A critical vulnerability in Docker Desktop allows attackers to modify the filesystem of Windows hosts to become administrators. The post Docker Desktop Vulnerability Leads to Host Compromise appeared first on SecurityWeek.

Chinese Silk Typhoon Hackers Exploited Commvault Zero-Day

2025-08-22 at 16:45 By Ionut Arghire Silk Typhoon was seen exploiting Citrix NetScaler and Commvault vulnerabilities for initial access to victim systems. The post Chinese Silk Typhoon Hackers Exploited Commvault Zero-Day appeared first on SecurityWeek.

AWS Trusted Advisor Tricked Into Showing Unprotected S3 Buckets as Secure

2025-08-22 at 12:22 By Eduard Kovacs AWS has addressed a vulnerability that could have been leveraged to bypass Trusted Advisor’s S3 bucket permissions check. The post AWS Trusted Advisor Tricked Into Showing Unprotected S3 Buckets as Secure appeared first on SecurityWeek.

DevOps in the cloud and what is putting your data at risk

2025-08-22 at 07:33 By Help Net Security In this Help Net Security video, Greg Bak, Head of Product Enablement at GitProtect, walks through some of the biggest security risks DevOps teams are dealing with. He covers how AI tools can introduce vulnerabilities, including

AWS Trusted Advisor flaw allowed public S3 buckets to go unflagged

2025-08-21 at 14:38 By Zeljka Zorz AWS’s Trusted Advisor tool, which is supposed to warn customers if their (cloud) S3 storage buckets are publicly exposed, could be “tricked” into reporting them as not exposed when they actually are, Fog Security researchers have found. S3

CISOs need to think about risks before rushing into AI

2025-08-21 at 07:02 By Anamarija Pogorelec Organizations are increasing investments in cloud, AI, and emerging technologies, but their infrastructure and security strategies often lag behind. A recent Unisys survey of 1,000 senior executives shows that business and IT leaders are not always aligned on what

AWS CISO explains how cloud-native security scales with your business

2025-08-13 at 09:01 By Mirko Zorz In this Help Net Security interview, Amy Herzog, CISO at AWS, discusses how cloud-native security enables scalable, flexible protection that aligns with how teams build in the cloud. She explains the Shared Responsibility Model and the tools and processes

Microsoft urges admins to plug severe Exchange security hole (CVE-2025-53786)

2025-08-07 at 17:40 By Zeljka Zorz “In an Exchange hybrid deployment, an attacker who first gains administrative access to an on-premises Exchange server could potentially escalate privileges within the organization’s connected cloud environment without leaving easily detectable and auditable trace,” Microsoft has announced on Wednesday.

Security tooling pitfalls for small teams: Cost, complexity, and low ROI

2025-08-05 at 10:11 By Mirko Zorz In this Help Net Security interview, Aayush Choudhury, CEO at Scrut Automation, discusses why many security tools built for large enterprises don’t work well for leaner, cloud-native teams. He explains how simplicity, integration, and automation are key for

What 50 companies got wrong about cloud identity security

2025-07-25 at 08:07 By Anamarija Pogorelec Most organizations still miss basic identity security controls in the cloud, leaving them exposed to breaches, audit failures, and compliance violations. A new midyear benchmark from Unosecur found that nearly every company scanned had at least one high-risk issue, with
