Tag: cloud
-
TechTalk: Unser KI-Workshops machen Lücken und Versäumnisse transparent
Wenn ein Thema auf der diesjährigen European Identity Cloud Conference allgegenwärtig war, dann sicherlich Agentic AI. Dass die damit verbundenen KI-Helfer nicht nur ungetrübten Spaß verbreiten, wurde in Berlin schnell klar. Doch was sind die wesentlichen Herausforderungen dabei? Das wollten wir von Andre Priebe wissen, der mit Kunden und Partnern der iC Consult genau darüber…
-
Making the cloud prove it followed your privacy wishes
Making companies that store personal data in cloud key-value databases handle deletion requests by running the operation and confirming the job is complete. The people making … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/11/gdpr-compliant-cloud-storage-privacy/
-
Miasma Worm Compromises 73 Microsoft GitHub Repositories
The Miasma worm compromised 73 Microsoft GitHub repos, spreading via AI coding tools and stealing cloud credentials from developers and CI/CD systems. A self-replicating worm called Miasma has compromised 73 Microsoft GitHub repositories and forced GitHub staff to disable them. The affected repos include core Azure infrastructure like azure-functions-host and the entire Durable Task family…
-
Miasma Worm Compromises 73 Microsoft GitHub Repositories
The Miasma worm compromised 73 Microsoft GitHub repos, spreading via AI coding tools and stealing cloud credentials from developers and CI/CD systems. A self-replicating worm called Miasma has compromised 73 Microsoft GitHub repositories and forced GitHub staff to disable them. The affected repos include core Azure infrastructure like azure-functions-host and the entire Durable Task family…
-
Ghost-Sender Flaw Exposes Exchange Online Users to Sender Spoofing Attacks
A newly disclosed “Ghost-Sender” flaw is exposing Microsoft Exchange Online environments to large-scale email spoofing attacks, allowing threat actors to bypass standard email authentication controls and deliver forged messages directly to users’ inboxes. The issue, identified by security researchers Lucas Dodgson, Tobias Oberdörfer, and Robin Hilber, stems from misconfigurations in hybrid or cloud email deployments…
-
Top 10 Best Zero Trust Network Access (ZTNA) Solutions 2026
In 2026, the traditional network perimeter is obsolete. With the widespread adoption of remote and hybrid work models, multi-cloud environments, and a proliferation of IoT devices, the old >>castle-and-moat<< security model where everything inside the network is trusted by default is no longer viable. This outdated approach leaves organizations vulnerable to sophisticated attacks, including lateral…
-
TechTalk: Okta vereint sämtliche Identity-Tools unter einem Layer
Auf der diesjährigen European Identity Cloud Conference in Berlin durften wir unter anderem mit dem Sicherheitsanbieter Okta dieses Videointerview führen, und das in persona mit Thomas Heinz. Von dem wollten wir wissen, warum sich Unternehmen dieser Tage mit dem Thema Identity Security Fabric beschäftigen sollten, und welche Maßnahmen für den sicheren Betrieb von KI-Agenten erforderlich…
-
TechTalk: Okta vereint sämtliche Identity-Tools unter einem Layer
Auf der diesjährigen European Identity Cloud Conference in Berlin durften wir unter anderem mit dem Sicherheitsanbieter Okta dieses Videointerview führen, und das in persona mit Thomas Heinz. Von dem wollten wir wissen, warum sich Unternehmen dieser Tage mit dem Thema Identity Security Fabric beschäftigen sollten, und welche Maßnahmen für den sicheren Betrieb von KI-Agenten erforderlich…
-
Startup Geordie AI Lands $30M to Secure Enterprise AI Agents
Series A Funding Supports Visibility Across Cloud, Code and Endpoint Environments. Geordie AI, the 2026 RSAC Innovation Sandbox winner, raised $30 million in Series A funding to expand a platform that provides visibility, governance and behavioral monitoring for AI agents operating across cloud, code and endpoint environments as enterprises accelerate autonomous AI adoption. First seen…
-
Startup Geordie AI Lands $30M to Secure Enterprise AI Agents
Series A Funding Supports Visibility Across Cloud, Code and Endpoint Environments. Geordie AI, the 2026 RSAC Innovation Sandbox winner, raised $30 million in Series A funding to expand a platform that provides visibility, governance and behavioral monitoring for AI agents operating across cloud, code and endpoint environments as enterprises accelerate autonomous AI adoption. First seen…
-
Startup Geordie AI Lands $30M to Secure Enterprise AI Agents
Series A Funding Supports Visibility Across Cloud, Code and Endpoint Environments. Geordie AI, the 2026 RSAC Innovation Sandbox winner, raised $30 million in Series A funding to expand a platform that provides visibility, governance and behavioral monitoring for AI agents operating across cloud, code and endpoint environments as enterprises accelerate autonomous AI adoption. First seen…
-
Reducing security operations complexity with Wazuh Cloud
Security teams are increasingly overwhelmed by alert fatigue, infrastructure maintenance, and complex hybrid environments. This article explores how Wazuh Cloud helps simplify SIEM/XDR operations through managed infrastructure, automated scaling, and AI-driven security analysis. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/reducing-security-operations-complexity-with-wazuh-cloud/
-
Mini-Shai-Hulud zeigt Ohne CyberIntelligence bleibt Supply-Chain-Security blind
In vielen Unternehmen herrscht noch immer die Annahme, dass Cyberangriffe primär auf Firewalls, Server oder Mitarbeiter abzielen. Die Realität sieht inzwischen anders aus. Angreifer attackieren zunehmend die digitale Supply-Chain, also genau die Softwarebausteine, Cloud-Dienste und Entwicklungsprozesse, auf denen moderne Unternehmen täglich aufbauen. Der aktuelle ‘Mini Shai Hulud”-Vorfall rund um kompromittierte npm-Pakete zeigt das sehr deutlich.…
-
Multiple VMware Stored XSS Flaw Enable Attackers to Inject Malicious Scripts
VMware has disclosed multiple high-severity stored cross-site scripting (XSS) vulnerabilities affecting VMware Cloud Foundation (VCF) Operations, potentially allowing attackers to inject malicious scripts and compromise administrative environments. The issues, tracked as CVE-2026-41722, CVE-2026-41723, and CVE-2026-41724, were published under advisory VMSA-2026-0004 on June 8, 2026, and carry a combined CVSS v3 base score of 8.0, indicating…
-
Multiple VMware Stored XSS Flaw Enable Attackers to Inject Malicious Scripts
VMware has disclosed multiple high-severity stored cross-site scripting (XSS) vulnerabilities affecting VMware Cloud Foundation (VCF) Operations, potentially allowing attackers to inject malicious scripts and compromise administrative environments. The issues, tracked as CVE-2026-41722, CVE-2026-41723, and CVE-2026-41724, were published under advisory VMSA-2026-0004 on June 8, 2026, and carry a combined CVSS v3 base score of 8.0, indicating…
-
Multiple VMware Stored XSS Flaw Enable Attackers to Inject Malicious Scripts
VMware has disclosed multiple high-severity stored cross-site scripting (XSS) vulnerabilities affecting VMware Cloud Foundation (VCF) Operations, potentially allowing attackers to inject malicious scripts and compromise administrative environments. The issues, tracked as CVE-2026-41722, CVE-2026-41723, and CVE-2026-41724, were published under advisory VMSA-2026-0004 on June 8, 2026, and carry a combined CVSS v3 base score of 8.0, indicating…
-
Critical Redis Vulnerability Could Let Attackers Execute Code and Hijack Servers
A critical vulnerability in Redis, tracked as CVE-2026-23631 and dubbed “DarkReplica,” exposes authenticated deployments to remote code execution (RCE) through a complex use-after-free (UAF) condition in the replication subsystem. Discovered by security researcher Yoni Sherez during the ZeroDay. In the Cloud 2025 competition, the flaw demonstrates how Redis’s internal Lua execution model and replication logic…
-
(g+) Cloud Security 2026: Zero Trust für die Wolke?
Wer die Cloud schützen will, muss Sicherheit schneller, kontextbezogener und näher an den Identitäten, Workloads sowie Datenströmen denken als bisher. First seen on golem.de Jump to article: www.golem.de/news/cloud-security-2026-zero-trust-fuer-die-wolke-2606-209450.html
-
New Pink Extortion Group Targets Microsoft 365 Cloud Data Via Vishing Scams
Cybersecurity researchers are warning businesses about Pink Extortion Group, a threat actor that uses voice phishing to bypass multi-factor authentication and steal files from cloud environments. First seen on hackread.com Jump to article: hackread.com/pink-extortion-microsoft-365-cloud-data-vishing-scams/
-
Cisco Catalyst SD-WAN Manager CVE-2026-20245 Flaw Actively Exploited No Patch Available
Cisco has warned that a high-severity security flaw impacting Catalyst SD-WAN Manager has come under active exploitation.The vulnerability, tracked as CVE-2026-20245, carries a CVSS score of 7.8 out of a maximum of 10.0. It affects the following deployment types – On-Prem Deployment Cisco SD-WAN Cloud-Pro Cisco SD-WAN Cloud (Cisco Managed) Cisco SD-WAN for Government (FedRAMP)”A…
-
Miasma Malware Hits 32 Red Hat Packages via Compromised GitHub Account
32 Red Hat npm packages compromised by Miasma malware expose cloud tokens, CI/CD secrets and developer credentials in supply chain attack. First seen on hackread.com Jump to article: hackread.com/miasma-malware-red-hat-packages-github-account/
-
EU unveils tech sovereignty package to cut reliance on US, Chinese suppliers
The package bundles two draft laws, a Chips Act 2.0 and a Cloud and AI Development Act (CADA), alongside an Open Source Strategy and a roadmap for digitalizing the energy system. First seen on therecord.media Jump to article: therecord.media/eu-unveils-tech-sovereignty-package-cut-reliance-us-china
-
New Magecart Attack Abuses Stripe as Malware C2
A novel Magecart campaign that weaponizes legitimate cloud services to evade detection: attackers are storing a JavaScript skimmer inside Stripe customer metadata and delivering it to victim checkouts via Google Tag Manager. The combination makes Stripe both the command server for arbitrary code and the durable exfiltration sink for stolen card data, using domains (googletagmanager.com…
-
The Cyber Express Weekly Roundup: Cloud Extortion, Long-Term Espionage, Android Zero-Days, and Public Sector Security Reviews
The cybersecurity landscape in this weekly roundup continues to show a clear shift toward identity-driven attacks, long-term persistence operations, and exploitation of trusted cloud environments. Threat actors are increasingly focusing on stealing credentials, abusing administrative access, and leveraging legitimate platforms to scale impact across organizations. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/tce-weekly-roundup-extortion-android-cloud/
-
PCPJack Exposed: Researchers Uncover 230-Node Cloud Email Relay Network
Researchers uncovered a 230-node cloud-based email relay network after the actor PCPJack accidentally exposed tools, logs, and C2 files online A threat actor tracked as PCPJack compromised 230 cloud servers across Amazon Web Services, Google Cloud, and Microsoft Azure and turned them into a covert email relay network. Hunt.io researchers discovered the operation because PCPJack…
-
Azul gewinnt vier Stevie Awards 2026 für Enterprise-Java, Cloud-Optimierung, DevOps und KI-Infrastruktur
Azul, Anbieter von Enterprise-Java-Lösungen für KI- und Cloud-First-Umgebungen, ist bei den 24th Annual American Business Awards mit vier Stevie Awards ausgezeichnet worden. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/azul-gewinnt-vier-stevie-awards-2026-fuer-enterprise-java-cloud-optimierung-devops-und-ki-infrastruktur/a45385/
-
PCPJack Hijacks 230 AWS, Google Cloud, and Azure Servers for Covert SMTP Relay Network
The threat actor known as PCPJack has hijacked cloud servers associated with Amazon Web Services (AWS), Google Cloud, and Microsoft Azure to create a covert SMTP email relay network.”Compromised business servers across the U.S., Europe, and Asia were quietly converted into SMTP proxies, verified for mail relay capability, and synced to a downstream consumer every…
-
SentinelOne Lays Off 8% of Staff as Internal Use of AI Grows
Frontier AI Models Accelerate Tasks Once Measured in Months to Weeks or Days. SentinelOne will cut about 240 employees, citing productivity gains from frontier AI models that have dramatically accelerated internal workflows, while redirecting savings into AI security, cloud, data and endpoint initiatives to drive long-term growth and profitability. First seen on govinfosecurity.com Jump to…
-
EU Prepares Path for Shutting Out US Cloud Providers
Commission Proposes That Sensitive Public Data Should Be Kept Local. The European Union’s executive arm singled a strong dislike for U.S. cloud service provider participation in public-sector procurements in a long-delayed legislative package meant to bolster continental self-sufficiency. The proposal called for sensitive public data to be stored locally. First seen on govinfosecurity.com Jump to…