Tag: cloud

Shai-hulud 2.0 Variant Threatens Cloud Ecosystem

Dec 1, 2025 3:49 PM

Tags: attack, cloud, credentials, google, worm

The latest attack from the self-replicating, npm-package poisoning worm can also steal credentials and secrets from AWS, Google Cloud Platform, and Azure. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/shai-hulud-variant-cloud-ecosystem
Wiz Unveils Revamped Channel Program, Major Partner Services Push

Dec 1, 2025 2:49 PM

Tags: ai, cloud, service

Wiz debuted a refreshed partner program Monday including a dedicated services track for the first time, as the cloud and AI security superstar seeks to deepen its channel engagement in a fast-moving market, executives told CRN exclusively. First seen on crn.com Jump to article: www.crn.com/news/security/2025/wiz-unveils-revamped-channel-program-major-partner-services-push
Wiz Unveils Revamped Channel Program, Major Partner Services Push

Dec 1, 2025 2:49 PM

Tags: ai, cloud, service

Wiz debuted a refreshed partner program Monday including a dedicated services track for the first time, as the cloud and AI security superstar seeks to deepen its channel engagement in a fast-moving market, executives told CRN exclusively. First seen on crn.com Jump to article: www.crn.com/news/security/2025/wiz-unveils-revamped-channel-program-major-partner-services-push
âš¡ Weekly Recap: Hot CVEs, npm Worm Returns, Firefox RCE, M365 Email Raid & More

Dec 1, 2025 2:49 PM

Tags: browser, cloud, cve, email, hacker, leak, mail, phone, rce, remote-code-execution, tool, worm

Hackers aren’t kicking down the door anymore. They just use the same tools we use every day, code packages, cloud accounts, email, chat, phones, and “trusted” partners, and turn them against us.One bad download can leak your keys. One weak vendor can expose many customers at once. One guest invite, one link on a phone,…
Enterprise password audits made practical for busy security teams

Dec 1, 2025 7:49 AM

Tags: cloud, password, risk, service, tool

Security teams carry a heavy load, and password risk is one of the most overlooked parts of that workload. Every year new systems, cloud tools, and shared services add more … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/01/enterprise-password-audits/
Enterprise password audits made practical for busy security teams

Dec 1, 2025 7:49 AM

Tags: cloud, password, risk, service, tool

Security teams carry a heavy load, and password risk is one of the most overlooked parts of that workload. Every year new systems, cloud tools, and shared services add more … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/01/enterprise-password-audits/
Schwachstellen in Fluent Bit gefährdeten USInstanzen

Nov 30, 2025 12:49 AM

Tags: cloud, google, microsoft, open-source, software, vulnerability

Cloud-Anbieter wie AWS, Microsoft oder Google verwenden die Open Source-Software Fluent Bit zur Erfassung von Telemetriedaten (Monitoring). Gleich fünf Schwachstellen in dieser Software hätten die Remote-Übernahme von Containern, die auf den entsprechenden Cloud-Instanzen gehostet wurden, ermöglichet. Nutzer sollten die Software … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/11/30/schwachstellen-in-oss-tool-fluent-bit-gefaehrdete-us-cloud-instanzen/
Mystery OAST Tool Exploits 200 CVEs Using Google Cloud for Large-Scale Attacks

Nov 29, 2025 4:49 PM

Tags: application-security, attack, cloud, cve, cyber, exploit, google, infrastructure, service, threat, tool

A sophisticated threat actor has been operating a private Out-of-band Application Security Testing (OAST) service hosted on Google Cloud infrastructure to conduct a large-scale exploit campaign targeting more than 200 CVEs, according to new research from VulnCheck. Private OAST Domain Raises Red Flags Security researchers at VulnCheck identified unusual activity involving callbacks to detectors-testing.com, an unfamiliar…
Volle Datenhoheit für Nutzer: Dwinity launcht unknackbare Blockchain-Cloud

Nov 29, 2025 1:49 PM

Tags: blockchain, cloud

Während herkömmliche Cloud-Dienste zentrale Server nutzen und damit potenzielle Angriffsflächen bieten , verfolgt Dwinity einen konsequent dezentralen Ansatz. Dateien werden beim Hochladen in Fragmente zerlegt, verschlüsselt und anschließend auf viele unabhängige Knoten (‘Nodes”) im Netzwerk verteilt. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/volle-datenhoheit-fuer-nutzer-dwinity-launcht-unknackbare-blockchain-cloud/a43002/
(g+) KI verschärft Sicherheitsrisiken: Sieben-Punkte-Plan für CTOs zum Schutz der Cloud

Nov 29, 2025 10:49 AM

Tags: ai, cloud, cyberattack

Wer große Cloudanbieter nutzt, hat den Komfort, aber auch ein Sicherheitsrisiko. Was CTOs tun können, um sich gegen Cyberattacken zu wappnen. First seen on golem.de Jump to article: www.golem.de/news/ki-verschaerft-sicherheitsrisiken-sieben-punkte-plan-fuer-ctos-zum-schutz-der-cloud-2511-202689.html
Verantwortung in der Cloud: Das Shared-Responsibility-Modell

Nov 29, 2025 12:49 AM

Tags: cloud

First seen on datensicherheit.de Jump to article: www.datensicherheit.de/verantwortung-cloud-shared-resposibility
Public GitLab repositories exposed more than 17,000 secrets

Nov 28, 2025 7:49 PM

Tags: cloud, data-breach, gitlab

After scanning all 5.6 million public repositories on GitLab Cloud, a security engineer discovered more than 17,000 exposed secrets across over 2,800 unique domains. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/public-gitlab-repositories-exposed-more-than-17-000-secrets/
GrapheneOS bails on OVHcloud over France’s privacy stance

Nov 28, 2025 5:49 PM

Tags: access, cloud, privacy

Project cites fears of state access as cloud sovereignty row deepens First seen on theregister.com Jump to article: www.theregister.com/2025/11/28/grapheneos_ovhcloud/
Microsoft Blocks External Scripts in Entra ID Logins to Boost Security

Nov 28, 2025 6:49 AM

Tags: cloud, cyber, identity, login, microsoft, unauthorized, update

Microsoft has announced a significant security change to the Microsoft Entra ID sign-in experience that will block external scripts from running during user logins. The update is designed to stop unauthorized or injected code from executing on the login page. It is part of Microsoft’s broader Secure Future Initiative to harden its cloud identity platform.…
Alibaba Cloud can’t deploy servers fast enough to satisfy demand for AI

Nov 28, 2025 5:49 AM

Tags: ai, china, cloud, infrastructure

Chinese giant adds to ‘No AI bubble’ babble by citing oversubscribed infrastructure and surging demand First seen on theregister.com Jump to article: www.theregister.com/2025/11/26/alibaba_q2_2025/
Alibaba Cloud can’t deploy servers fast enough to satisfy demand for AI

Nov 28, 2025 5:49 AM

Tags: ai, china, cloud, infrastructure

Chinese giant adds to ‘No AI bubble’ babble by citing oversubscribed infrastructure and surging demand First seen on theregister.com Jump to article: www.theregister.com/2025/11/26/alibaba_q2_2025/
Alibaba Cloud can’t deploy servers fast enough to satisfy demand for AI

Nov 28, 2025 5:49 AM

Tags: ai, china, cloud, infrastructure

Chinese giant adds to ‘No AI bubble’ babble by citing oversubscribed infrastructure and surging demand First seen on theregister.com Jump to article: www.theregister.com/2025/11/26/alibaba_q2_2025/
Alibaba Cloud can’t deploy servers fast enough to satisfy demand for AI

Nov 28, 2025 5:49 AM

Tags: ai, china, cloud, infrastructure

Chinese giant adds to ‘No AI bubble’ babble by citing oversubscribed infrastructure and surging demand First seen on theregister.com Jump to article: www.theregister.com/2025/11/26/alibaba_q2_2025/
Alibaba Cloud can’t deploy servers fast enough to satisfy demand for AI

Nov 28, 2025 5:49 AM

Tags: ai, china, cloud, infrastructure

Chinese giant adds to ‘No AI bubble’ babble by citing oversubscribed infrastructure and surging demand First seen on theregister.com Jump to article: www.theregister.com/2025/11/26/alibaba_q2_2025/
Neues ToddyCat-Toolkit greift Outlook und Microsoft-Token an

Nov 27, 2025 2:49 PM

Tags: access, apt, backdoor, browser, chrome, cloud, cyberattack, exploit, governance, government, Internet, kaspersky, mail, microsoft, open-source, powershell, tool, update, vulnerability, windows

Die APT-Gruppe ToddyCat hat ihren Fokus auf den Diebstahl von Outlook-E-Mail-Daten und Microsoft 365-Zugriffstoken verlagert.Forscher von Kaspersky Labs haben festgestellt, dass sich die APT-Gruppe (Advanced Persistent Threat) ToddyCat jetzt darauf spezialisiert hat, Outlook-E-Mail-Daten und Microsoft 365-Zugriffstoken zu stehlen.Demnachhat die Hackerbande ihr Toolkit Ende 2024 und Anfang 2025 weiterentwickelt, um nicht nur wie bisher Browser-Anmeldedaten zu…
Utimaco-Dienst soll Kontrolle über Cloud-Schlüssel verbessern – Enterprise Key Manager as a Service für Microsoft Azure

Nov 27, 2025 9:49 AM

Tags: cloud, microsoft, service

First seen on security-insider.de Jump to article: www.security-insider.de/utimaco-ekmaas-schluesselverwaltung-fuer-azure-nutzer-a-eb4c8f6e8441b055f410465bfda3e778/
CSPM buyer’s guide: How to choose the best cloud security posture management tools

Nov 27, 2025 8:49 AM

Tags: access, ai, api, automation, awareness, best-practice, breach, business, cloud, compliance, container, control, crowdstrike, cybercrime, data, data-breach, defense, detection, exploit, framework, google, governance, group, guide, infrastructure, intelligence, kubernetes, leak, LLM, microsoft, monitoring, network, programming, risk, risk-assessment, saas, service, software, strategy, threat, tool, training, unauthorized, vulnerability

cloud security posture management (CSPM) enterprise buyer’s guide today! ] In this buyer’s guide Cloud security posture management (CSPM) explainedWhat to look for in cloud security posture management (CSPM) toolsLeading vendors for cloud security posture management (CSPM)What to ask your cloud security posture management (CSPM) providerEssential readingThat’s where CSPM tools can help. These tools continuously…
Von LLM generierte Malware wird immer besser

Nov 27, 2025 5:49 AM

Tags: cloud, exploit, LLM, malware, openai, threat, vmware

Forscher tricksen Chatbots aus, stoßen aber auf unzuverlässige Ergebnisse.Cyberkriminelle versuchen bereits seit geraumer Zeit, mit Hilfe von Large Language Models (LLM) ihre dunklen Machenschaften zu automatisieren. Aber können sie schon bösartigen Code generieren, der ‘marktreif” und bereit für den operativen Einsatz ist? Das wollten die Forschenden von Netskope Threat Labs herausfinden, indem sie Chatbots dazu…
Keine digitale Souveränität: Französischer Richter Nicolas Guillou nach US-Sanktionen in Digitaler Steinzeit; OVH soll Daten eines Kunden an Kanada liefern

Nov 27, 2025 12:49 AM

Tags: cloud

US-Sanktionen des am Internationalen Strafgerichtshof tätigen französischen Richters Nicolas Guillou katapultieren diesen in die digitale Steinzeit der neunziger Jahre zurück. Und in Kanada hat ein Gericht den französischen Cloud-Anbieter OVH dazu verdonnert, Daten herauszugeben, die auf europäischen Cloud-Servern liegen. Die Fälle … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/11/27/franzoesischer-richter-nicolas-guillou-nach-us-sanktionen-in-digitaler-steinzeit/
Microsoft tightens cloud login process to prevent common attack

Nov 26, 2025 5:49 PM

Tags: attack, cloud, exploit, hacker, login, microsoft

Hackers have spent decades exploiting a ubiquitous type of vulnerability. Microsoft is trying to change that. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/microsoft-change-cloud-login-entra-id-xss/806556/
Microsoft tightens cloud login process to prevent common attack

Nov 26, 2025 5:49 PM

Tags: attack, cloud, exploit, hacker, login, microsoft

Hackers have spent decades exploiting a ubiquitous type of vulnerability. Microsoft is trying to change that. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/microsoft-change-cloud-login-entra-id-xss/806556/
The Attack Surface of Cloud-Based Generative AI Applications is Evolving

Nov 26, 2025 3:50 PM

Tags: ai, attack, cloud, intelligence

It is the right time to talk about this. Cloud-based Artificial Intelligence, or specifically those big, powerful Large Language Models we see everywhere, they’ve completely changed the game. They’re more than just a new application tier. They’re an entirely new attack surface. You’ve moved your critical applications to the public cloud. You did it for..…
Hochsicherheits-Pakt – NATO und Google Cloud schließen Deal für KI-fähige Cloud

Nov 26, 2025 3:50 PM

Tags: ai, cloud, google

First seen on security-insider.de Jump to article: www.security-insider.de/google-cloud-nato-ncia-vertrag-ki-cloud-a-f3dae3879522c203fcae1c31bc97a2b0/
ToddyCat APT evolves to target Outlook archives and Microsoft 365 tokens

Nov 26, 2025 1:49 PM

Tags: access, apt, backdoor, cloud, corporate, detection, email, espionage, government, group, kaspersky, mail, malicious, microsoft, military, network, open-source, software, tactics, theft, tool

Outlook in the Crosshairs: Another evolution involves accessing actual mail data. ToddyCat deployed a tool named TCSectorCopya C++ utility that opens the disk as a read-only device and copies Outlook’s offline storage files (OST) sector by sector, bypassing any file-lock mechanisms that Outlook may enforce.Once OST files are extracted, they are fed into XstReader, an…
ToddyCat APT evolves to target Outlook archives and Microsoft 365 tokens

Nov 26, 2025 1:49 PM

Tags: access, apt, backdoor, cloud, corporate, detection, email, espionage, government, group, kaspersky, mail, malicious, microsoft, military, network, open-source, software, tactics, theft, tool

Outlook in the Crosshairs: Another evolution involves accessing actual mail data. ToddyCat deployed a tool named TCSectorCopya C++ utility that opens the disk as a read-only device and copies Outlook’s offline storage files (OST) sector by sector, bypassing any file-lock mechanisms that Outlook may enforce.Once OST files are extracted, they are fed into XstReader, an…