All CosmicBytez Labs articles tagged #Cloud Security, across news, security advisories, how-to guides, and projects.
A design flaw in the Cursor AI code editor on Windows executes any file named git.exe found in the root of a cloned project directory — automatically, with no prompt or warning, simply by opening the repository. Malicious repositories can weaponize this to steal SSH keys, cloud tokens, and source code on first open.
CISA has published a postmortem on a data leak in which a contractor exposed dozens of internal credentials — including AWS GovCloud keys — in a public GitHub repository for nearly six months before being discovered by KrebsOnSecurity.
A single threat actor leveraged AI workflows, chained cloud misconfigurations, and stolen credentials to breach a large Amazon Web Services customer...
A critical-severity SQL injection vulnerability (CVSS 9.6) in the Snowflake Snowpark Python SDK allows authenticated low-privilege users to execute SQL...
The UK government's voluntary Cyber Resilience Pledge attracted fewer than 15 of Britain's 350 largest listed companies despite eight months of direct...
A critical vulnerability in ownCloud Core's Updater component exposes a dangerous method to administrators, enabling potential remote code execution on...
Gitea versions through 1.26.2 use an incomplete IP filter that allows authenticated users to reach AWS Instance Metadata, Azure WireServer, and...
A critical server-side request forgery vulnerability in Azure OpenAI rated CVSS 9.9 allows an authorized attacker to escalate privileges over the network,...
Threat actors who exploited the FortiBleed vulnerability to gain persistent access to thousands of Fortinet firewalls are now monetizing that access by...
Infoblox researchers have uncovered over 236,000 websites built on the legitimate DCloud Uni-App framework being weaponized for investment scams,...
Russian FSB-linked APT group Gamaredon has mounted 35 distinct spear-phishing campaigns against Ukrainian targets in 2025, deploying an expanded malware...
Researchers at Infoblox documented how the legitimate DCloud Uni-App cross-platform development framework has been weaponized to power over 236,000 scam...
Novee Security researchers have identified a critical exploitable CI/CD workflow pattern dubbed Cordyceps that enables attackers to hijack GitHub Actions...
Security researchers discovered multi-tenant isolation failures in the Dify AI platform that allowed attackers to read private conversations from other...
FFmpeg has patched a critical vulnerability dubbed PixelSmash that could enable remote code execution on Jellyfin servers and denial-of-service conditions...
Four vulnerabilities dubbed DifyTap were disclosed in the open-source AI workflow platform Dify, enabling attackers to silently read AI conversations from...
A security researcher discovered that FIFA's unenforced Microsoft Entra access controls could have allowed an attacker to hijack live World Cup broadcast...
A high-severity symlink vulnerability in the LiteSpeed cPanel plugin (CVSS 8.5) allows users with FTP or web shell access to escape CloudLinux/CageFS...
A high-severity vulnerability (CVSS 9.0) in Cloud Foundry UAA allows attackers to bypass authentication by exploiting the incorrect treatment of XML...
In the post-Mythos era, Aryon Security's platform helps organizations enforce security controls across multi-cloud environments as AI-generated...
Microsoft's GitHub presence has become the latest target of the self-replicating Miasma supply chain worm, with 73 repositories across Azure, Azure-Samples…
The European Commission has unveiled a sweeping technology sovereignty package combining a Chips Act 2.0, a Cloud and AI Development Act (CADA), an Open…
A critical unauthenticated remote code execution flaw in OpenStack Mistral through 22.0.0 allows attackers to execute arbitrary commands via exposed API…
A new Mini Shai-Hulud supply chain campaign codenamed Miasma has compromised Red Hat's @redhat-cloud-services npm packages, deploying a self-propagating…
Anthropic has disclosed that Project Glasswing — its AI-powered vulnerability research initiative using the Claude Mythos system — has uncovered more than...
Members of Congress are demanding answers from CISA after a contractor intentionally published AWS GovCloud access keys and a trove of agency secrets on a...
Dark Reading editors mark 20 years of cybersecurity coverage by reflecting on the field's transformation — from perimeter-first defense to assume-breach...
A critical heap out-of-bounds write vulnerability in Crypt::OpenSSL::PKCS12 for Perl (versions through 1.94) can be triggered by parsing a malformed...
Other noteworthy stories this week: Big Tech firms push back against Canada's encryption legislation, Cisco releases a free AI security specification, and...
Two vulnerabilities in the Avada Builder plugin for WordPress, with an estimated one million active installations, allow hackers to read arbitrary files...
A critical unauthenticated remote code execution vulnerability in SAP Commerce Cloud allows any unauthenticated user to upload malicious configurations...
A critical tenant isolation vulnerability in Apache CloudStack's Proxmox extension (CVSS 9.1) allows one tenant to access and control VM instances...
A critical unauthenticated vulnerability in Plunk, the open-source AWS SES email platform, allows attackers to forge Amazon SNS webhook payloads without...
A critical improper access control flaw in Azure Managed Instance for Apache Cassandra allows an authorized network attacker to execute arbitrary code,...
Security researchers using AI-assisted analysis discovered 38 vulnerabilities in OpenEMR, an open-source electronic health record platform used by more...
The threat actor TeamPCP has compromised multiple npm packages tied to SAP's cloud application development ecosystem in a new supply chain campaign dubbed...
CISA has added two actively exploited vulnerabilities to its Known Exploited Vulnerabilities catalog — CVE-2024-1708 affecting ConnectWise ScreenConnect...
Threat actors are actively exploiting two authentication bypass vulnerabilities in the Qinglong open-source task scheduling tool to deploy cryptomining...
A critical CVSS 9.9 elevation of privilege vulnerability in Azure IoT Central allows an authenticated attacker to escalate privileges over a network by...
A critical privilege escalation vulnerability in Microsoft Partner Center allows an authorized attacker to elevate their privileges over a network,...
A critical server-side request forgery vulnerability in Microsoft Dynamics 365 (Online) allows an unauthenticated remote attacker to perform spoofing over...
Vercel has confirmed a security breach in which limited customer credentials were exposed after an employee's workstation was compromised through malware...
A critical unauthenticated RCE vulnerability in Spinnaker's clouddriver service allows attackers to execute arbitrary commands on clouddriver pods,...
A critical code injection flaw in Spinnaker's Echo service allows unrestricted Spring Expression Language (SPeL) execution via artifact processing,...
Vercel confirmed suffering a breach after a hacker claiming to be part of ShinyHunters offered to sell stolen data for $2 million, affecting the company...
The Vercel security breach originated at Context.ai after an employee downloaded Lumma Stealer disguised as Roblox cheat software. The incident exposes...
Cloud development platform Vercel has confirmed a security incident after threat actors claimed to have stolen internal databases, API keys, tokens, and...
KodExplorer versions up to 4.52 contain an improper authentication flaw in the fileGet endpoint that allows remote attackers to access files without valid...
An authorization flaw in Juju's Controller facade allows any authenticated low-privilege user to call the CloudSpec API and extract the cloud provider...
Over a dozen companies have suffered data theft attacks after a SaaS integration provider was breached and authentication tokens stolen, enabling...
CERT-EU has attributed the European Commission cloud account compromise to the TeamPCP threat group, revealing the breach exposed sensitive data from at...
A critical server-side request forgery vulnerability in Azure Custom Locations Resource Provider allows an authorized attacker to elevate privileges over...
CareCloud has notified the U.S. Securities and Exchange Commission of a cyberattack that may have resulted in the unauthorized access and potential...
Healthcare IT company CareCloud has disclosed a cyberattack that resulted in the theft of sensitive patient data and caused an eight-hour network outage,...
A newly observed ClickFix campaign impersonates Cloudflare's CAPTCHA verification pages to deliver the Python-based Infiniti Stealer to macOS users via a...
The European Commission is investigating a security breach after a threat actor gained unauthorized access to its Amazon Web Services cloud environment...
The European Commission confirms a 350 GB AWS breach; the DarkSword iOS exploit chain goes public on GitHub threatening hundreds of millions of iPhones;...
Malicious versions of LiteLLM — a Python package with 3 million daily downloads present in roughly 36% of cloud environments — were quietly pushed to PyPI...
The open-source Trivy security scanner was weaponized by threat actor TeamPCP in a supply chain attack that hijacked 75 release tags to deploy an...
Native, founded by ex-AWS security leaders, has emerged from stealth with $42 million in backing from Ballistic Ventures and General Catalyst to build the...
A critical unauthenticated remote code execution vulnerability (CVSS 9.8) in Oracle's Edge Cloud Infrastructure Designer and Visualisation Toolkit allows...
A critical SSRF vulnerability (CVSS 9.1) in Spinnaker's clouddriver and orca components bypasses the previous CVE-2025-61916 URL validation patch through...
Security researchers disclosed critical flaws across three major AI platforms: Amazon Bedrock AgentCore's sandbox can be bypassed via DNS to exfiltrate...
Threat actor UNC6426 leveraged stolen credentials from last year's nx npm supply chain attack to achieve full AWS administrator access at a victim...
Comprehensive security checklist for Microsoft 365 and Entra ID tenants — Conditional Access policies, MFA enforcement, audit logging, DLP configuration,...
Cybercrime group ShinyHunters claims to have exploited misconfigured Salesforce Experience Cloud instances to steal CRM data from approximately 400...
North Korean threat actor UNC4899 compromised a cryptocurrency organization after a developer AirDropped a trojanized archive from a personal device to a...
Harden your CI/CD pipeline by replacing long-lived secrets with OIDC short-lived tokens, pinning third-party actions to commit SHAs, enforcing...
End-to-end SOC guide for Microsoft Sentinel: build KQL-based scheduled and NRT analytics rules, wire automation rules for incident triage, and deploy...
Cloudflare's inaugural threat intelligence report reveals its network blocks 230 billion cyber threats daily, with DDoS attacks doubling to 47.1 million...
LexisNexis Legal & Professional confirms a data breach after threat actor FulcrumSec exploited an unpatched React2Shell vulnerability to exfiltrate 2.04...
CrowdStrike's 2026 Global Threat Report reveals that AI-enabled adversary operations surged 89% year-over-year, the average eCrime breakout time dropped...
The European Commission grants unconditional antitrust approval for Google's $32 billion all-cash acquisition of cloud security firm Wiz — the largest...
Researchers uncover VoidLink, an 88,000-line Zig-based malware framework built with AI assistance that targets AWS, Azure, GCP, and Kubernetes environments.
Implement AWS Security Hub for centralized security findings across accounts. Covers security standards, GuardDuty/Inspector integration, custom insights,...