Skip to main content
COSMICBYTEZLABS
NewsSecurityHOWTOsToolsStudyTraining
ProjectsNewsletterHire MeAbout
Subscribe

Press Enter to search or Esc to close

News
Security
HOWTOs
Tools
Study
Training
Projects
Newsletter
Hire Me
About
RSS Feed
Reading List
Subscribe

Stay in the Loop

Get the latest security alerts, tutorials, and tech insights delivered to your inbox.

Subscribe NowFree forever. No spam.
COSMICBYTEZLABS

Your trusted source for IT intelligence, cybersecurity insights, and hands-on technical guides.

1310+ Articles
157+ Guides

CONTENT

  • Latest News
  • Security Alerts
  • HOWTOs
  • Checklists
  • Projects
  • Exam Prep

RESOURCES

  • Search
  • Browse Tags
  • Newsletter Archive
  • Reading List
  • RSS Feed

COMPANY

  • About Us
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CosmicBytez Labs. All rights reserved.

System Status: Operational
All tags
52 articles

#Cloud Security

All CosmicBytez Labs articles tagged #Cloud Security, across news, security advisories, how-to guides, and projects.

  • NewsJun 1, 2026

    Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm

    A new Mini Shai-Hulud supply chain campaign codenamed Miasma has compromised Red Hat's @redhat-cloud-services npm packages, deploying a self-propagating credential-stealing worm that targets developer machines and CI/CD secrets.

  • NewsMay 23, 2026

    Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely

    Anthropic has disclosed that Project Glasswing — its AI-powered vulnerability research initiative using the Claude Mythos system — has uncovered more than...

  • NewsMay 22, 2026

    Lawmakers Demand Answers as CISA Tries to Contain Data Leak

    Members of Congress are demanding answers from CISA after a contractor intentionally published AWS GovCloud access keys and a trove of agency secrets on a...

  • NewsMay 19, 2026

    Looking Back, Looking Forward: Two Decades of Cybersecurity

    Dark Reading editors mark 20 years of cybersecurity coverage by reflecting on the field's transformation — from perimeter-first defense to assume-breach...

  • SecurityMay 18, 2026

    CVE-2026-8507: Crypt::OpenSSL::PKCS12 Heap OOB Write — CVSS

    A critical heap out-of-bounds write vulnerability in Crypt::OpenSSL::PKCS12 for Perl (versions through 1.94) can be triggered by parsing a malformed...

  • NewsMay 16, 2026

    In Other News: Big Tech vs Canada Encryption Bill, Cisco's

    Other noteworthy stories this week: Big Tech firms push back against Canada's encryption legislation, Cisco releases a free AI security specification, and...

  • NewsMay 15, 2026

    Avada Builder WordPress Plugin Flaws Allow Site Credential

    Two vulnerabilities in the Avada Builder plugin for WordPress, with an estimated one million active installations, allow hackers to read arbitrary files...

  • SecurityMay 12, 2026

    CVE-2026-34263 — SAP Commerce Cloud Unauthenticated RCE

    A critical unauthenticated remote code execution vulnerability in SAP Commerce Cloud allows any unauthenticated user to upload malicious configurations...

  • SecurityMay 9, 2026

    CVE-2026-25199: Apache CloudStack Proxmox Extension Allows

    A critical tenant isolation vulnerability in Apache CloudStack's Proxmox extension (CVSS 9.1) allows one tenant to access and control VM instances...

  • SecurityMay 9, 2026

    CVE-2026-42193: Plunk Email Platform SNS Webhook Forgery

    A critical unauthenticated vulnerability in Plunk, the open-source AWS SES email platform, allows attackers to forge Amazon SNS webhook payloads without...

  • SecurityMay 8, 2026

    CVE-2026-33109: Azure Managed Instance for Apache Cassandra

    A critical improper access control flaw in Azure Managed Instance for Apache Cassandra allows an authorized network attacker to execute arbitrary code,...

  • NewsApr 30, 2026

    AI Finds 38 Security Flaws in Electronic Health Record

    Security researchers using AI-assisted analysis discovered 38 vulnerabilities in OpenEMR, an open-source electronic health record platform used by more...

  • NewsApr 30, 2026

    TeamPCP Hits SAP npm Packages With 'Mini Shai-Hulud' Supply

    The threat actor TeamPCP has compromised multiple npm packages tied to SAP's cloud application development ecosystem in a new supply chain campaign dubbed...

  • NewsApr 29, 2026

    CISA Adds Actively Exploited ConnectWise and Windows Flaws

    CISA has added two actively exploited vulnerabilities to its Known Exploited Vulnerabilities catalog — CVE-2024-1708 affecting ConnectWise ScreenConnect...

  • NewsApr 29, 2026

    Hackers Exploit RCE Flaws in Qinglong Task Scheduler for

    Threat actors are actively exploiting two authentication bypass vulnerabilities in the Qinglong open-source task scheduling tool to deploy cryptomining...

  • SecurityApr 25, 2026

    CVE-2026-21515: Azure IoT Central Elevation of Privilege

    A critical CVSS 9.9 elevation of privilege vulnerability in Azure IoT Central allows an authenticated attacker to escalate privileges over a network by...

  • SecurityApr 24, 2026

    CVE-2026-24303: Microsoft Partner Center Privilege

    A critical privilege escalation vulnerability in Microsoft Partner Center allows an authorized attacker to elevate their privileges over a network,...

  • SecurityApr 24, 2026

    CVE-2026-32210: Microsoft Dynamics 365 Online SSRF Enables

    A critical server-side request forgery vulnerability in Microsoft Dynamics 365 (Online) allows an unauthenticated remote attacker to perform spoofing over...

  • NewsApr 21, 2026

    Cloud Platform Vercel Says Company Breached Through

    Vercel has confirmed a security breach in which limited customer credentials were exposed after an employee's workstation was compromised through malware...

  • SecurityApr 21, 2026

    CVE-2026-32604: Spinnaker Clouddriver Remote Code Execution

    A critical unauthenticated RCE vulnerability in Spinnaker's clouddriver service allows attackers to execute arbitrary commands on clouddriver pods,...

  • SecurityApr 21, 2026

    CVE-2026-32613: Spinnaker Echo Spring Expression Language

    A critical code injection flaw in Spinnaker's Echo service allows unrestricted Spring Expression Language (SPeL) execution via artifact processing,...

  • NewsApr 20, 2026

    Next.js Creator Vercel Hacked

    Vercel confirmed suffering a breach after a hacker claiming to be part of ShinyHunters offered to sell stolen data for $2 million, affecting the company...

  • NewsApr 20, 2026

    Vercel's Security Breach Started with Malware Disguised as

    The Vercel security breach originated at Context.ai after an employee downloaded Lumma Stealer disguised as Roblox cheat software. The incident exposes...

  • NewsApr 19, 2026

    Vercel Confirms Breach as Hackers Claim to Be Selling

    Cloud development platform Vercel has confirmed a security incident after threat actors claimed to have stolen internal databases, API keys, tokens, and...

  • SecurityApr 19, 2026

    KodExplorer fileGet Auth Bypass — Unauthenticated Remote

    KodExplorer versions up to 4.52 contain an improper authentication flaw in the fileGet endpoint that allows remote attackers to access files without valid...

  • SecurityApr 11, 2026

    CVE-2026-5412: Juju Controller Facade Allows Low-Privilege

    An authorization flaw in Juju's Controller facade allows any authenticated low-privilege user to call the CloudSpec API and extract the cloud provider...

  • NewsApr 8, 2026

    Snowflake Customers Hit in Data Theft Attacks After SaaS

    Over a dozen companies have suffered data theft attacks after a SaaS integration provider was breached and authentication tokens stolen, enabling...

  • NewsApr 3, 2026

    CERT-EU: European Commission Hack Exposes Data of 30 EU

    CERT-EU has attributed the European Commission cloud account compromise to the TeamPCP threat group, revealing the breach exposed sensitive data from at...

  • SecurityApr 3, 2026

    CVE-2026-26135: Azure Custom Locations SSRF Enables

    A critical server-side request forgery vulnerability in Azure Custom Locations Resource Provider allows an authorized attacker to elevate privileges over...

  • NewsMar 30, 2026

    Healthcare Software Firm CareCloud Informs SEC of Potential

    CareCloud has notified the U.S. Securities and Exchange Commission of a cyberattack that may have resulted in the unauthorized access and potential...

  • NewsMar 30, 2026

    Healthcare Tech Firm CareCloud Says Hackers Stole Patient

    Healthcare IT company CareCloud has disclosed a cyberattack that resulted in the theft of sensitive patient data and caused an eight-hour network outage,...

  • NewsMar 28, 2026

    Cloudflare-Themed ClickFix Attack Drops Infiniti Stealer on

    A newly observed ClickFix campaign impersonates Cloudflare's CAPTCHA verification pages to deliver the Python-based Infiniti Stealer to macOS users via a...

  • NewsMar 27, 2026

    European Commission Investigating Breach After Amazon Cloud

    The European Commission is investigating a security breach after a threat actor gained unauthorized access to its Amazon Web Services cloud environment...

  • NewsletterMar 27, 2026

    Mar 27 Digest: EU Commission AWS Breach, DarkSword iOS

    The European Commission confirms a 350 GB AWS breach; the DarkSword iOS exploit chain goes public on GitHub threatening hundreds of millions of iPhones;...

  • NewsMar 25, 2026

    Supply Chain Attack Hits Widely-Used AI Package, Risking

    Malicious versions of LiteLLM — a Python package with 3 million daily downloads present in roughly 36% of cloud environments — were quietly pushed to PyPI...

  • NewsMar 23, 2026

    Trivy Supply Chain Attack Targets CI/CD Secrets

    The open-source Trivy security scanner was weaponized by threat actor TeamPCP in a supply chain attack that hijacked 75 release tags to deploy an...

  • NewsMar 18, 2026

    Cloud Security Startup Native Exits Stealth With $42

    Native, founded by ex-AWS security leaders, has emerged from stealth with $42 million in backing from Ballistic Ventures and General Catalyst to build the...

  • SecurityMar 18, 2026

    CVE-2026-21994: Critical Unauthenticated RCE in Oracle Edge

    A critical unauthenticated remote code execution vulnerability (CVSS 9.8) in Oracle's Edge Cloud Infrastructure Designer and Visualisation Toolkit allows...

  • SecurityMar 18, 2026

    CVE-2026-25534: Spinnaker SSRF via URL Validation Bypass

    A critical SSRF vulnerability (CVSS 9.1) in Spinnaker's clouddriver and orca components bypasses the previous CVE-2025-61916 URL validation patch through...

  • NewsMar 17, 2026

    AI Flaws in Amazon Bedrock, LangSmith, and SGLang Enable

    Security researchers disclosed critical flaws across three major AI platforms: Amazon Bedrock AgentCore's sandbox can be bypassed via DNS to exfiltrate...

  • NewsMar 11, 2026

    UNC6426 Weaponizes Old nx npm Supply Chain Compromise to

    Threat actor UNC6426 leveraged stolen credentials from last year's nx npm supply chain attack to achieve full AWS administrator access at a victim...

  • ChecklistMar 11, 2026

    Microsoft 365 Tenant Security Checklist

    Comprehensive security checklist for Microsoft 365 and Entra ID tenants — Conditional Access policies, MFA enforcement, audit logging, DLP configuration,...

  • NewsMar 9, 2026

    ShinyHunters Claims Mass Data Theft From 400 Firms via

    Cybercrime group ShinyHunters claims to have exploited misconfigured Salesforce Experience Cloud instances to steal CRM data from approximately 400...

  • NewsMar 9, 2026

    North Korea's UNC4899 Breached Crypto Firm via AirDropped

    North Korean threat actor UNC4899 compromised a cryptocurrency organization after a developer AirDropped a trojanized archive from a personal device to a...

  • HOWTOMar 9, 2026

    How to Secure GitHub Actions Workflows with OIDC, SHA

    Harden your CI/CD pipeline by replacing long-lived secrets with OIDC short-lived tokens, pinning third-party actions to commit SHAs, enforcing...

  • HOWTOMar 9, 2026

    How to Configure Microsoft Sentinel Analytics Rules

    End-to-end SOC guide for Microsoft Sentinel: build KQL-based scheduled and NRT analytics rules, wire automation rules for incident triage, and deploy...

  • NewsMar 4, 2026

    Cloudflare 2026 Threat Report: 230 Billion Daily Threats as

    Cloudflare's inaugural threat intelligence report reveals its network blocks 230 billion cyber threats daily, with DDoS attacks doubling to 47.1 million...

  • NewsMar 4, 2026

    LexisNexis Confirms Cloud Breach Exposing 400K User

    LexisNexis Legal & Professional confirms a data breach after threat actor FulcrumSec exploited an unpatched React2Shell vulnerability to exfiltrate 2.04...

  • NewsFeb 24, 2026

    CrowdStrike 2026 Threat Report: eCrime Breakout Time Falls

    CrowdStrike's 2026 Global Threat Report reveals that AI-enabled adversary operations surged 89% year-over-year, the average eCrime breakout time dropped...

  • NewsFeb 10, 2026

    Google's $32 Billion Wiz Acquisition Clears Final Hurdle as

    The European Commission grants unconditional antitrust approval for Google's $32 billion all-cash acquisition of cloud security firm Wiz — the largest...

  • NewsFeb 9, 2026

    VoidLink: AI-Generated Cloud-Native Malware Framework

    Researchers uncover VoidLink, an 88,000-line Zig-based malware framework built with AI assistance that targets AWS, Azure, GCP, and Kubernetes environments.

  • HOWTOFeb 3, 2026

    AWS Security Hub: Centralized Security Findings

    Implement AWS Security Hub for centralized security findings across accounts. Covers security standards, GuardDuty/Inspector integration, custom insights,...