Collecting Cyber-News from over 60 sources

Tag: cloud

European Commission breach exposed data of 30 EU entities, CERT-EU says

Apr 4, 2026 11:52 AM

Tags: breach, cloud, data, data-breach, group, threat

CERT-EU says a European Commission cloud hack exposed data from 30 EU entities and links the breach to the TeamPCP group. CERT-EU attributed a European Commission cloud breach to the TeamPCP threat group, revealing that data from at least 30 EU entities was exposed. The incident was publicly disclosed on March 27 after inquiries confirmed…
Top 10 Best Identity And Access Management (IAM) Companies 2026

Apr 4, 2026 8:50 AM

Tags: access, cloud, cyber, identity, saas, threat

In the rapidly evolving digital landscape of 2026, Identity and Access Management (IAM) has transcended its traditional role to become the foundational pillar of enterprise security. As organizations navigate the complexities of multi-cloud environments, remote workforces, burgeoning SaaS applications, and the relentless rise of cyber threats, the ability to accurately verify who (or what) is…
Supply Chain Attacks Surge in March 2026

Apr 4, 2026 5:53 AM

Tags: access, ai, api, attack, authentication, awareness, cloud, container, control, corporate, credentials, crypto, data-breach, github, group, hacking, identity, infrastructure, Internet, kubernetes, least-privilege, linux, LLM, macOS, malicious, malware, mfa, network, north-korea, open-source, openai, phishing, pypi, software, startup, supply-chain, threat, tool, update, vulnerability, windows

IntroductionThere was a significant increase in software supply chain attacks in March 2026. There were five major software supply-chain attacks that occurred including the Axios NPM package compromise, which has been attributed to a North Korean threat actor. In addition, a hacking group known as TeamPCP was able to compromise Trivy (a vulnerability scanner), KICS…
How reliable are NHIs in identity management

Apr 4, 2026 12:51 AM

Tags: cloud, cybersecurity, identity, password

How Does NHI Management Enhance Security and Efficiency? Is your organization effectively tackling security gaps caused by machine identities? This question becomes critical with Non-Human Identities (NHIs) grows exponentially, driven by cloud adoption and automated systems. In cybersecurity, NHIs are machine identities comprising encrypted credentials”, like passwords, tokens, or keys”, paired with the permissions assigned…
7 ways to improve your business resilience with backup and recovery

Apr 3, 2026 10:52 PM

Tags: attack, automation, backup, business, cloud, compliance, control, cyber, data, dns, HIPAA, identity, malware, metric, network, PCI, ransomware, resilience, risk, service, soc, threat, vulnerability

2. Ensure off-site backup copies : Local backups are fast, but they are also vulnerable to the same physical disasters and ransomware attacks that hit your primary servers. If your production environment and your backups are on the same network segment without air-gapping, a single compromise becomes a total extinction event. The Fix: Adopt a 3-2-1 strategy (3 total copies of data, 2 different media…
5 Steps to break free from alert fatigue and build resilient security operations

Apr 3, 2026 10:52 PM

Tags: ai, attack, automation, backup, business, ceo, cloud, control, defense, detection, edr, endpoint, identity, metric, network, password, ransomware, resilience, soc, strategy, threat, tool

2. Prioritize outcomes over ticket volume : Stop focusing on how many alerts are cleared. This may be a metric for a better understanding of where automation or headcount are necessary but prioritize outcomes. Instead, the right questions are: How quickly did you contain a threat? Did we disrupt business operations or keep recovery swift and effective? A practical, outcome-driven SOC measures: Dwell time: How long before a threat was neutralized? Mean Time to Contain: How quickly…
6 metrics IT leaders can’t afford to ignore for business resilience

Apr 3, 2026 10:52 PM

Tags: access, attack, automation, awareness, backup, business, cloud, compliance, credentials, cyber, cybersecurity, data, detection, endpoint, identity, incident response, metric, monitoring, network, resilience, risk, soar, soc, theft, threat, tool, update, vulnerability

2. Mean time to respond (MTTR): From triage to containment : It’s not enough to spot threats”, you have to contain them fast. MTTR tracks how quickly your team can isolate and neutralize incidents. Integrated SOAR (Security Orchestration, Automation, and Response) workflows now drive a 500% year-over-year increase in orchestrated alert response actions, according to our latest SOC report. The difference? Teams leveraging automation have moved from after-the-fact…
12 cyber industry trends revealed at RSAC 2026

Apr 3, 2026 11:51 AM

Tags: access, ai, application-security, authentication, awareness, business, ciso, cloud, control, cyber, cybersecurity, data, deep-fake, defense, detection, edr, endpoint, firewall, gartner, governance, identity, infrastructure, insurance, metric, microsoft, monitoring, mssp, phishing, programming, risk, risk-management, service, siem, skills, soc, software, startup, technology, threat, tool, training

Legacy security vendors have the inside track on AI, for now: As far as AI technology consumption for cybersecurity, most CISOs I spoke with were open-minded while leaning toward their existing vendors, at least in the short term. This may buy legacy security vendors a bit, but not much time.Remember what happened in the cloud…
Trivy supply chain attack enabled European Commission cloud breach

Apr 3, 2026 9:51 AM

Tags: attack, breach, cloud, infrastructure, supply-chain

CERT-EU confirmed that ShinyHunters are behind the recent breach of the cloud infrastructure underpinning websites of the European Commission, and that they stole and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/03/european-commission-cloud-breach/
CERT-EU: European Commission hack exposes data of 30 EU entities

Apr 3, 2026 9:51 AM

Tags: cloud, cybersecurity, data, data-breach, group, service, threat

The European Union’s Cybersecurity Service (CERT-EU) has attributed the European Commission cloud hack to the TeamPCP threat group, saying the resulting breach exposed the data of at least 29 other Union entities. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cert-eu-european-commission-hack-exposes-data-of-30-eu-entities/
What Happens When Data Centers Become Military Targets?

Apr 3, 2026 6:51 AM

Tags: business, cio, cloud, data, middle-east, military, technology, threat

It’s Time for CIOs to Rethink Business Continuity Plans and Cloud Resources The targeting of commercial cloud data centers in the Middle East marks a turning point for CIOs and enterprise leaders. Geopolitics and military conflicts are definite threats to vital technology infrastructure. The question is: How well-prepared and resilient is your enterprise? First seen…
When Your Own Eyes Turn Against You: How Compromised Security Cameras and IoT/OT Devices Become Tools for Your Attackers

Apr 3, 2026 1:51 AM

Tags: access, advisory, attack, botnet, cctv, china, cloud, control, corporate, credentials, cyber, cyberattack, cybersecurity, dark-web, data, data-breach, defense, detection, endpoint, espionage, exploit, finance, firmware, flaw, government, group, hacking, healthcare, infrastructure, intelligence, international, Internet, iot, iran, law, linux, malware, network, office, privacy, ransomware, resilience, risk, russia, service, supply-chain, technology, threat, tool, ukraine, unauthorized, update, vpn, vulnerability, warfare, windows, zero-day, zero-trust

TL;DR Security cameras, IoT, and OT devices that are meant to protect us, are easily compromised and turned against defenders, enabling nation-state reconnaissance (Iranian hacks on Hikvision/Dahua cameras during strikes, Russian webcam abuse in Ukraine), espionage via exposed live feeds, ransomware pivots (Akira group bypassing EDR), massive botnets (Mirai/Eleven11bot), and physical disruption. Structural weaknesses like…
AWS, Wasabi, Cloudflare, and Backblaze go headhead in new cloud storage test

Apr 3, 2026 12:51 AM

Tags: cloud, data

Cloud storage buyers rarely get vendor-provided performance data that includes the vendor’s own weak spots. Backblaze’s Q1 2026 Performance Stats report, attempts … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/03/backblaze-cloud-storage-benchmark-2026/
How can Agentic AI improve organizational security

Apr 3, 2026 12:51 AM

Tags: ai, cloud, cybersecurity, service

How Can Machine Identities Enhance Cybersecurity? Could the management of non-human identities (NHIs) be the key to strengthening cybersecurity across various industries? With the increasing adoption of cloud services, the demand for robust security measures has never been more critical. NHIs play a pivotal role in creating a secure digital environment by combining an encrypted……
How do NHIs build trust in cloud security?

Apr 3, 2026 12:51 AM

Tags: cloud, cybersecurity, data

How Do Machine Identities Create a Secure Environment? What happens when an organization’s data falls into the wrong hands due to mishandled machine identities? This concern is at the forefront of contemporary cybersecurity challenges. Machine identities, or Non-Human Identities (NHIs), are becoming increasingly pivotal in securing cloud environments. This discussion delves into how NHIs establish……
How Treating AI Agents as Identities Can Reduce Enterprise AI Risk

Apr 2, 2026 7:51 PM

Tags: access, ai, api, cloud, credentials, infrastructure, risk

AI agents are no longer experimental. They’re running production workloads, calling APIs, querying databases, provisioning infrastructure, and making decisions across cloud environments. Ironically these agents often end up with more access than the developers who built them. They operate with real credentials, real permissions, and real consequences when something goes wrong. What most enterprise security……
Real-Time Cyber Threat Detection

Apr 2, 2026 7:51 PM

Tags: api, attack, cloud, cyber, cyberattack, detection, endpoint, threat

Real-time cyber threat detection has become a critical requirement for modern organizations as cyberattacks grow more advanced, automated, and unpredictable. In today’s digital-first world, businesses operate across cloud platforms, remote environments, APIs, endpoints, and interconnected systems, creating a vast and dynamic attack surface. Traditional security approaches that rely on delayed analysis or manual intervention are…
Threat Detection Software

Apr 2, 2026 7:51 PM

Tags: ai, api, attack, automation, cloud, cybersecurity, detection, infrastructure, intelligence, saas, software, threat

Threat detection software has become an essential pillar of modern cybersecurity as organizations face a rapidly evolving threat landscape driven by automation, artificial intelligence, and increasingly sophisticated attack techniques. In today’s hyperconnected digital environment, businesses rely heavily on cloud platforms, remote work infrastructure, SaaS applications, APIs, and interconnected systems that significantly expand the attack surface.…
FedRAMP Ready, Class A Certification, and Breaking Into the Federal Market

Apr 2, 2026 6:51 PM

Tags: cloud, fedramp, government, saas, tool, update

The updates and expansion of FedRAMP make a few things clear, the most significant of which is that government agencies are counting on cloud tools to help them do their work. But they also want certainty. The FedRAMP Ready designation was meant to bridge the gap between agencies seeking audited platforms and SaaS providers seeking”¦…
DeepL setzt auf AWS vom Vorzeigeprojekt zur Cloud-Abhängigkeit

Apr 2, 2026 5:50 PM

Tags: cloud

DeepL setzt künftig auf AWS und verliert damit ein zentrales Argument. Was bedeutet das für Datenschutz und digitale Souveränität? First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/kuenstliche-intelligenz/deepl-setzt-auf-aws-vom-vorzeigeprojekt-zur-cloud-abhaengigkeit-327938.html
How ‘Wikipedia of cyber’ helps SAP make sense of threat data

Apr 2, 2026 5:50 PM

Tags: cloud, compliance, cyber, data, sap, threat, tool

SAP runs enormous cloud environments for some of the world’s most heavily-regulated organisations, and in the hyperscale era, data security and compliance were becoming big challenges. It turned to cutting-edge agentic tools from Uptycs to cut through the noise First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366641057/How-Wikipedia-of-cyber-helps-SAP-make-sense-of-threat-data
Europäische Kommission bestätigt Datenpanne auf der Webplattform Europa.eu durch einen Cyberangriff von Shinyhunters

Apr 2, 2026 2:51 PM

Tags: ceo, cloud, cyberattack, risk

Die Europäische Kommission hat eine Datenpanne bestätigt, nachdem ihre Webplattform Europa.eu bei einem Cyberangriff gehackt wurde. Die Angreifergruppe Shinyhunters hat sich zu der Erpressungsattacke bekannt. Ein Kommentar von Darren Guccione, CEO und Mitbegründer von Keeper Security. Die gemeldete Datenpanne bei der Europäischen Kommission verdeutlicht das anhaltende Risiko in modernen Cloud-Umgebungen. Die Sicherheitsgrenze ist nicht länger…
WhatsApp Attack Chain Delivers VBS, Cloud Payloads, MSI Backdoor

Apr 2, 2026 8:50 AM

Tags: access, attack, backdoor, cloud, cyber, malicious, malware, windows

A new malware campaign that abuses WhatsApp messages to deliver malicious Visual Basic Script (VBS) files to Windows users, enabling persistent remote access through unsigned MSI installers. The campaign starts with WhatsApp messages carrying VBS attachments that appear benign but execute as scripts when opened on Windows. Once launched, the initial script creates hidden folders…
Google’s Vertex AI Is Over-Privileged. That’s a Problem

Apr 1, 2026 8:31 PM

Tags: ai, cloud, data, exploit, google, network

Palo Alto Networks researchers show how attackers could exploit AI agents on Google’s Vertex AI to steal data and break into restricted cloud infrastructure. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/googles-vertex-ai-over-privilege-problem
CultureAI Launches on Microsoft Marketplace to Accelerate Secure AI Adoption

Apr 1, 2026 2:29 PM

Tags: ai, cloud, marketplace, microsoft

This week, CultureAI has announced the availability of its platform on Microsoft Marketplace, marking a step aimed at simplifying how organisations discover, deploy and manage AI usage controls. Microsoft Marketplace, a unified storefront combining Azure Marketplace and AppSource, enables organisations to find, purchase and deploy thousands of cloud and AI solutions within their existing Microsoft…
Mazda Data Breach Exposing Employee and Partner Records Via System Vulnerability

Apr 1, 2026 1:29 PM

Tags: breach, cloud, cybersecurity, data, data-breach, risk, vulnerability

Modern enterprises rely heavily on cloud platforms and interconnected systems to manage operations and customer data. While these technologies enable scale and efficiency, they also introduce new risks when configurations are not properly secured. New reporting from Cybersecurity News reveals a data exposure incident involving Mazda, where sensitive data was reportedly left accessible due to…
Google Cloud’s Vertex AI Hit by Vulnerability Enabling Sensitive Data Access

Apr 1, 2026 8:30 AM

Tags: access, ai, attack, cloud, cyber, data, exploit, google, intelligence, malicious, network, vulnerability

Artificial intelligence agents are transforming enterprise workflows, but they also introduce dangerous new attack vectors. Security researchers from Palo Alto Networks’ Unit 42 recently uncovered a significant vulnerability in Google Cloud Platform’s (GCP) Vertex AI Agent Engine. By exploiting overly broad default permissions, attackers can deploy a malicious >>double agent<< to secretly exfiltrate sensitive data…
NIS2 im Microsoft-365-Umfeld: Wenn Cloud-Produktivität zur Sicherheitsarchitektur wird

Apr 1, 2026 7:30 AM

Tags: cloud, cybersecurity, microsoft, nis-2, phishing

Kommentar von Umut Alemdar, Senior Vice President Cybersecurity bei Hornetsecurity by Proofpoint »Ein kompromittiertes Benutzerkonto, das innerhalb weniger Minuten die interne Kommunikation übernimmt. Phishing-Links, die sich über Teams verbreiten. Dokumente, auf die plötzlich niemand mehr zugreifen kann. Solche Vorfälle sind längst kein Ausnahmefall mehr. Sie zeigen vor allem eines: Wie abhängig Geschäftsprozesse heute von cloudbasierten……
Workload IAM vs. Secrets Management: A Practical Decision Guide

Apr 1, 2026 6:31 AM

Tags: cloud, credentials, guide, iam, identity

6 min readMost organizations start their nonhuman identity security program with a secrets manager. It’s a sensible first step. But as workloads multiply across clouds and the credential sprawl grows, the question shifts from “where do we store secrets?” to “do we need secrets at all?” First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/workload-iam-vs-secrets-management-a-practical-decision-guide/
Why be optimistic about the future of Agentic AI?

Apr 1, 2026 5:30 AM

Tags: ai, cloud, cybersecurity, strategy

How Do Non-Human Identities Revolutionize Cloud Security? Have you ever wondered about the hidden complexities lurking behind cloud security? Organizations are increasingly reliant on cloud-based solutions, and one of the most innovative strategies to bolster security is through effective management of Non-Human Identities (NHIs). These NHIs are crucial players in cybersecurity, particularly when dealing with……