Collecting Cyber-News from over 60 sources

Tag: cloud

What makes Agentic AI a powerful ally in cybersecurity?

Apr 1, 2026 5:30 AM

Tags: ai, cloud, cybersecurity, strategy

How Do Non-Human Identities Elevate Cybersecurity Strategies? Evolving cybersecurity demands innovative approaches to safeguard digital assets, and Non-Human Identities (NHIs) are at the forefront of this transformation. But what exactly are NHIs, and how do they fit into the broader context of cybersecurity, particularly in cloud environments? NHIs represent machine identities used within cybersecurity frameworks….…
Are you satisfied with your current NHI management?

Apr 1, 2026 5:30 AM

Tags: cloud, cyber, cybersecurity, service, threat

How Secure Are Your Non-Human Identities (NHIs)? With cyber threats evolving, have you considered how effectively you are managing your Non-Human Identities (NHIs)? This crucial aspect of cybersecurity often flies under the radar, overshadowed by more traditional concerns. However, where reliance on cloud services grows, ensuring robust NHI management is not just recommended”, it’s essential.…
Cloud Security Alliance Wins 2026 SC Award for AI Security Certification

Apr 1, 2026 12:30 AM

Tags: ai, cloud, governance, risk

CSA won a 2026 SC Award for its AI security certification, reflecting rising demand for AI risk and governance training. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/cloud-security-alliance-wins-2026-sc-award-for-ai-security-certification/
Bridging the Gap: CSA’s AI Security Initiatives at RSAC

Mar 31, 2026 11:31 PM

Tags: ai, cloud, cybersecurity, framework

Alan Shimel sits down with longtime friend and cybersecurity veteran Rich Mogull to discuss his new role as chief analyst at the Cloud Security Alliance. The conversation covers a lot of ground, from the rapid rise of agentic AI to how CSA is working to bridge the gap between high-level security frameworks and the practitioners..…
Attackers trojanize Axios HTTP library in highest-impact npm supply chain attack

Mar 31, 2026 11:31 PM

Tags: ai, attack, breach, cloud, control, credentials, crypto, github, incident response, linux, LLM, macOS, malicious, malware, monitoring, open-source, openai, powershell, pypi, rat, spam, supply-chain, tool, windows

postinstall hook that would execute a dropper script when it was pulled in by a different package as a dependency.Shortly after midnight UTC on March 31 a new version of the Axios package, axios@1.14.1, was published on npm followed by axios@0.30.4 39 minutes later. Both listed plain-crypto-js@4.2.1 as a dependency in their package.json files, but…
Google’s Vertex AI Has an Over-Privileged Problem

Mar 31, 2026 11:31 PM

Tags: ai, cloud, data, exploit, google

Palo Alto researchers show how attackers could exploit AI agents on Google’s Vertex AI to steal data and break into restricted cloud infrastructure. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/googles-vertex-ai-over-privilege-problem
TeamPCP Breaches Cloud, SaaS Instances With Stolen Credentials

Mar 31, 2026 11:31 PM

Tags: attack, breach, cloud, credentials, group, saas, threat

The threat group’s shift to speedy attacks on AWS, Azure, and SaaS instances shows organizations need to respond quickly to compromised credentials. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/teampcp-breaches-cloud-saas-instances-stolen-credentials
Supply chain attack on Axios npm package: Scope, impact, and remediations

Mar 31, 2026 10:30 PM

Tags: access, api, attack, breach, cloud, control, credentials, crypto, data, data-breach, defense, exploit, incident response, macOS, malicious, malware, open-source, rat, risk, security-incident, software, supply-chain, theft, threat, vulnerability, windows

The Axios npm package has been compromised in a supply chain attack that uploaded new versions of the package containing malicious code. Any environment that downloaded these compromised Axios versions is at risk of severe data theft, including the loss of credentials and API keys. Scan your environment now. Key takeaways This incident is a…
Latest Xloader Obfuscation Methods and Network Protocol

Mar 31, 2026 6:31 PM

Tags: api, automation, breach, cloud, communications, credentials, data, detection, email, encryption, framework, google, Internet, malicious, malware, microsoft, network, password, powershell, software, threat, tool, update, windows

Introduction Xloader is an information stealing malware family that evolved from Formbook and targets web browsers, email clients, and File Transfer Protocol (FTP) applications. Additionally, Xloader may execute arbitrary commands and download second-stage payloads on an infected system. The author of Xloader continues to update the codebase, with the most recent observed version being 8.7. Since…
What’s new in Tenable Cloud Security: Custom policies, AWS ABAC, and research-driven protection

Mar 31, 2026 6:31 PM

Tags: access, ai, api, attack, automation, business, cloud, container, control, cve, data, data-breach, exploit, framework, google, governance, iam, identity, intelligence, least-privilege, malicious, monitoring, network, remote-code-execution, risk, risk-analysis, service, software, strategy, supply-chain, threat, tool, unauthorized, update, vulnerability

Stop the noise and scale your cloud security. Our latest updates introduce custom policy automation via Explorer, AWS ABAC support for true least privilege, and research-backed protection against critical vulnerabilities, all designed to slash MTTR without disrupting your DevOps workflows. Key takeaways Automated governance via Explorer: Harness the power of Tenable’s unified data model, transforming…
BSidesSLC 2025 Considering Cloud Coverage In SIEM/XDR Design

Mar 31, 2026 5:29 PM

Tags: cloud

Author, Creator & Presenter: Chris Beckman – Principal Security Engineer at TaxBit Our thanks to BSidesSLC for publishing their Creators, Authors and Presenter’s outstanding BSidesSLC 2025 content on the Organizations’ YouTube Channel. Permalink First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/bsidesslc-2025-considering-cloud-coverage-in-siem-xdr-design/
BSidesSLC 2025 Considering Cloud Coverage In SIEM/XDR Design

Mar 31, 2026 5:29 PM

Tags: cloud

Author, Creator & Presenter: Chris Beckman – Principal Security Engineer at TaxBit Our thanks to BSidesSLC for publishing their Creators, Authors and Presenter’s outstanding BSidesSLC 2025 content on the Organizations’ YouTube Channel. Permalink First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/bsidesslc-2025-considering-cloud-coverage-in-siem-xdr-design/
Erfolgreicher Cyberangriff auf EU-Kommission spielt angeblich 350 Gigabyte an Daten in die Hände der ‘ShinyHunters”

Mar 31, 2026 4:30 PM

Tags: cloud, cyberattack, data-breach, hacker, infrastructure

Infolge des Cyberangriffs auf die Cloud-Infrastruktur der Europäischen Kommission rückt eine Tätergruppe in den Fokus, die Security-Experten schon länger auf dem Schirm haben. Forscher des europäischen IT-Sicherheitsherstellers ESET beobachten die Hacker-Gruppe ‘ShinyHunters” seit langem und sehen hinter dem aktuellen Datenleck ein typisches Muster. Der Angriff auf die Plattform Europa.eu wurde Ende März bekannt. Medienberichten zufolge…
Vertex AI Vulnerability Exposes Google Cloud Data and Private Artifacts

Mar 31, 2026 4:30 PM

Tags: access, ai, cloud, cybersecurity, data, google, intelligence, network, unauthorized, vulnerability

Cybersecurity researchers have disclosed a security “blind spot” in Google Cloud’s Vertex AI platform that could allow artificial intelligence (AI) agents to be weaponized by an attacker to gain unauthorized access to sensitive data and compromise an organization’s cloud environment.According to Palo Alto Networks Unit 42, the issue relates to how the Vertex AI permission…
Let’s Stop Sovereignty Washing

Mar 31, 2026 12:29 PM

Tags: cloud, data

Don’t fall for “sovereignty washing.” Learn the technical difference between data residency and true digital sovereignty, the impact of the U.S. CLOUD Act, and the rise of European “Geopatriation.” First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/lets-stop-sovereignty-washing/
What Makes Browser Hijacking a Silent Threat?

Mar 31, 2026 9:31 AM

Tags: access, banking, cloud, credentials, email, threat

Web browsers act as a critical gateway to an organization’s digital ecosystem, enabling access to banking, email, cloud applications, and sensitive customer data. When attackers compromise this gateway, they can monitor user activity, redirect traffic, and capture confidential credentials without detection. This threat, known as browser hijacking, has become increasingly widespread, affecting organizations of all……
Why should you be excited about Agentic AI in cybersecurity?

Mar 31, 2026 5:30 AM

Tags: ai, cloud, cybersecurity

How Do Non-Human Identities Enhance Cloud Security? Have you ever wondered how to effectively manage the increasing complexity of cloud security amidst the rise of AI and digital transformations? Non-Human Identities (NHIs) might just be the solution you’re looking for. Where businesses transition to the cloud, they need robust solutions to manage machine identities and……
Cloud-Based EHR Vendor Notifies SEC About Hacking Incident

Mar 30, 2026 11:29 PM

Tags: cloud, cyber, data, hacking, incident, Intruder, software

CareCloud: Intruder Accessed Systems for 8 Hours, Still Assessing Extent of Breach. Electronic health records vendor CareCloud has notified the U.S. Securities and Exchange Commission of a cyber incident earlier this month that temporarily disrupted the software and accessed one of its EHR environments. The company is assessing whether patient data was accessed or stolen.…
Schwachstelle bei ChatGPT erlaubte Konversationsdaten auszulesen

Mar 30, 2026 6:30 PM

Tags: ai, bug, chatgpt, cloud, computing, infrastructure, openai, risk, vulnerability

Die Sicherheitsforscher von Check Point Research haben eine bislang unbekannte Sicherheitslücke aufgedeckt, die es ermöglichte, sensible ChatGPT-Konversationsdaten unbemerkt ohne Wissen oder Zustimmung der Nutzer abzusaugen. Inzwischen hat OpenAI die Lücke geschlossen. Die entdeckte Schwachstelle zeigt, KI-Plattformen müssen wie Cloud- und Computing-Infrastruktur behandelt werden. Die integrierte Sicherheit beseitigt Risiken nicht. Unternehmen können sich nicht […] First…
vDefend’s Built-in Advantage: Enable Closed-Loop Lateral Security for Zero-Trust Private Cloud

Mar 30, 2026 4:30 PM

Tags: cloud, cybersecurity, finance, strategy, zero-trust

Cybersecurity strategy now shapes how enterprises design cloud platforms, application environments, and core infrastructure. The financial stakes are significant. The next step is architectural: turning zero-trust strategy into foundational systems that enforce it by design rather than as an afterthought. In private cloud environments, that shift matters. Segmentation macro as well as micro .. First…
Second data breach at European Commission this year leaves open questions over resilience

Mar 30, 2026 2:30 PM

Tags: breach, cloud, cyberattack, data, data-breach, infrastructure, resilience

The European Commission confirmed that a cyberattack impacted cloud infrastructure hosting its web presence on the Europa.eu platform. Authorities said the cyberattack was … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/30/european-commission-cyberattack-cloud-infrastructure-website/
APIs are the new perimeter: Here’s how CISOs are securing them

Mar 30, 2026 1:29 PM

Tags: access, ai, api, attack, authentication, banking, breach, business, ciso, cloud, compliance, computer, control, credentials, cyber, data, data-breach, defense, edr, endpoint, exploit, finance, gartner, governance, group, Hardware, identity, infrastructure, iot, least-privilege, malicious, mobile, monitoring, network, risk, risk-assessment, saas, service, software, strategy, technology, threat, tool, unauthorized, vulnerability, vulnerability-management, waf

Legacy defenses can’t keep up: Traditional perimeter-based defenses are often insufficient against API-layer attacks. Traditional security defenses, such as EDR, XDR, and WAF, “primarily focus on clients, hardware, and software endpoints, looking at IP-based attack vectors,” explains BECU’s Murphy. “APIs bring us into the world of business logic and runtime types of issues.”Others agree that…
TeamPCP Uses Fake Ringtone File in Tainted Telnyx SDK to Steal Credentials

Mar 30, 2026 1:29 PM

Tags: cloud, credentials, crypto, hacker, malicious

Telnyx issues an urgent alert after hackers TeamPCP uploaded malicious versions (4.87.1 4.87.2) of its Python SDK to steal cloud and crypto credentials. First seen on hackread.com Jump to article: hackread.com/teampcp-fake-ringtone-file-tainted-telnyx-sdk-credentials/
Telnyx Python SDK Backdoored on PyPI to Steal Cloud Credentials

Mar 30, 2026 12:30 PM

Tags: cloud, credentials, cyber, infrastructure, kubernetes, malicious, pypi

The popular Telnyx Python SDK on PyPI to deploy a multi”‘stage credential”‘stealing operation that targets cloud infrastructure, Kubernetes clusters, and developer environments at scale. On March 27, 2026, TeamPCP uploaded two malicious Telnyx SDK releases, versions 4.87.1 and 4.87.2, directly to PyPI at around 03:51 UTC, bypassing the normal GitHub”‘backed release flow used by the…
European Commission Confirms Cloud Data Breach

Mar 30, 2026 11:29 AM

Tags: breach, cloud, data, data-breach, infrastructure

The European Commission has revealed details of a data breach impacting its AWS infrastructure First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/european-commission-cloud-data/
Cyberangriff: Hacker attackieren Cloud-Infrastruktur der EU-Kommission

Mar 30, 2026 11:29 AM

Tags: cloud, cyberattack, hacker, infrastructure

Eine bekannte Hackergruppe will über 350 GByte an Daten erbeutet haben. Sie stammen mutmaßlich aus einem AWS-Konto der EU-Kommission. First seen on golem.de Jump to article: www.golem.de/news/cyberangriff-hacker-attackieren-cloud-infrastruktur-der-eu-kommission-2603-207045.html
CanisterWorm Targets Docker, Kubernetes, and Redis to Steal Secrets

Mar 30, 2026 9:30 AM

Tags: access, api, cloud, credentials, cyber, cybercrime, data-breach, docker, exploit, extortion, group, kubernetes, malware, unauthorized, vulnerability

A financially motivated cybercrime group known as TeamPCP is actively exploiting poorly secured cloud environments using a self-propagating malware called “CanisterWorm.” The campaign targets exposed Docker APIs, Kubernetes clusters, Redis servers, and known vulnerabilities like React2Shell to gain unauthorized access, steal credentials, and extort victims. The activity escalated over the past weekend with a destructive…
Datensicherung in Zeiten der Cloud: Die unterschätzte Verantwortung für Backups in Microsoft 365

Mar 30, 2026 8:30 AM

Tags: backup, cloud, microsoft

Microsoft 365 ist in vielen Unternehmen längst der Ort, an dem sich große Teile des Arbeitsalltags abspielen. Kommunikation, Zusammenarbeit und Wissensmanagement finden heute überwiegend über Exchange Online, Teams, OneDrive, SharePoint oder OneNote statt. Damit ist Microsoft 365 längst mehr als ein Produktivitätswerkzeug es bildet die Grundlage zahlreicher geschäftskritischer Prozesse. Vor diesem Hintergrund wird… First seen…
What role does innovation play in Agentic AI development?

Mar 30, 2026 1:30 AM

Tags: ai, cloud, cybersecurity

How Are Non-Human Identities Shaping Cybersecurity? Have you ever wondered how machine identities are transforming cybersecurity dynamics? Managing Non-Human Identities (NHIs) has emerged as a significant focal point for security experts, especially in cloud environments. When organizations grapple with the complexities of cybersecurity, understanding the nuances of NHI management offers a strategic advantage. Decoding Non-Human……
Are your NHIs fully supported for optimal performance?

Mar 30, 2026 1:30 AM

Tags: cloud, cyber, cybersecurity, identity, threat

The Strategic Imperative of Non-Human Identity Management How secure is your organization when it comes to managing Non-Human Identities (NHIs)? With the increasing prevalence of cyber threats, optimizing NHI performance has become a cornerstone of effective cybersecurity strategies. NHIs, essentially machine identities, are pivotal in maintaining a secure digital, especially in cloud-based environments. Their management……