cloud security

How Storm-0501 is Pivoting to Cloud-Native Attacks

• Cybercriminals

How Storm-0501 is Pivoting to Cloud-Native Attacks

ddos August 29, 2025

According to a report by Microsoft Threat Intelligence, the group Storm-0501 has shifted its focus from traditional...

Read More Read more about How Storm-0501 is Pivoting to Cloud-Native Attacks

The DripDropper Paradox: Why Attackers Are Patching the Vulnerabilities They Exploit

• Malware
• Vulnerability

The DripDropper Paradox: Why Attackers Are Patching the Vulnerabilities They Exploit

ddos August 21, 2025

Experts at Red Canary have uncovered an unusual campaign leveraging a newly identified strain of malware, DripDropper,...

Read More Read more about The DripDropper Paradox: Why Attackers Are Patching the Vulnerabilities They Exploit

Nested App Authentication: Microsoft’s New Feature Is a Double-Edged Sword for Azure Security

• Vulnerability

Nested App Authentication: Microsoft’s New Feature Is a Double-Edged Sword for Azure Security

ddos August 19, 2025

Microsoft has introduced a new mechanism known as Nested App Authentication (NAA), which is steadily becoming a...

Read More Read more about Nested App Authentication: Microsoft’s New Feature Is a Double-Edged Sword for Azure Security

New Exchange Flaw Lets Hackers Take Over Your Cloud Environment

• Vulnerability

New Exchange Flaw Lets Hackers Take Over Your Cloud Environment

ddos August 11, 2025

Microsoft, in coordination with federal agencies, has issued a warning about a newly discovered, high-severity vulnerability in...

Read More Read more about New Exchange Flaw Lets Hackers Take Over Your Cloud Environment

Cloud Chaos: New ‘ECScape’ Attack Threatens Amazon’s Container Service

• Vulnerability

Cloud Chaos: New ‘ECScape’ Attack Threatens Amazon’s Container Service

ddos August 8, 2025

At the Black Hat USA conference in Las Vegas, Naor Haziz, a researcher at Sweet Security, unveiled...

Read More Read more about Cloud Chaos: New ‘ECScape’ Attack Threatens Amazon’s Container Service

Cloud Cryptominers Evolve: Koske & Soco404 Use Stealthy Tactics, AI-Generated Malware & Image Payloads

• Malware

Cloud Cryptominers Evolve: Koske & Soco404 Use Stealthy Tactics, AI-Generated Malware & Image Payloads

ddos July 29, 2025

Researchers have uncovered two parallel malicious campaigns targeting vulnerable and misconfigured components of cloud infrastructure. Both operations...

Read More Read more about Cloud Cryptominers Evolve: Koske & Soco404 Use Stealthy Tactics, AI-Generated Malware & Image Payloads

Microsoft Halts China-Based Support for US DoD Cloud After ProPublica Expose & Pentagon Backlash

• Cyber Security
• Microsoft

Microsoft Halts China-Based Support for US DoD Cloud After ProPublica Expose & Pentagon Backlash

ddos July 23, 2025

Following a wave of criticism sparked by a recent ProPublica report alleging that Microsoft had engaged engineers...

Read More Read more about Microsoft Halts China-Based Support for US DoD Cloud After ProPublica Expose & Pentagon Backlash

NVIDIAScape: Critical Container Escape (CVE-2025-23266, CVSS 9.0) Threatens 37% of AI Cloud Environments

• Vulnerability

NVIDIAScape: Critical Container Escape (CVE-2025-23266, CVSS 9.0) Threatens 37% of AI Cloud Environments

ddos July 21, 2025

Wiz, a cybersecurity firm specializing in cloud infrastructure protection, has uncovered a critical vulnerability in the NVIDIA...

Read More Read more about NVIDIAScape: Critical Container Escape (CVE-2025-23266, CVSS 9.0) Threatens 37% of AI Cloud Environments

Cloud Snitch: New Open-Source Tool Reveals Hidden Activity & Bolsters Least Privilege in Your AWS Accounts

• Open Source Tool

Cloud Snitch: New Open-Source Tool Reveals Hidden Activity & Bolsters Least Privilege in Your AWS Accounts

ddos July 9, 2025

Whether you’re a developer, security engineer, or just a curious person, Cloud Snitch is guaranteed to teach...

Read More Read more about Cloud Snitch: New Open-Source Tool Reveals Hidden Activity & Bolsters Least Privilege in Your AWS Accounts

dAWShund: New Tool Suite to Visualize & Secure AWS IAM Permissions

• Open Source Tool

dAWShund: New Tool Suite to Visualize & Secure AWS IAM Permissions

ddos July 2, 2025

Perhaps the most critical component of an AWS infrastructure is the policy document describing the actions allowed...

Read More Read more about dAWShund: New Tool Suite to Visualize & Secure AWS IAM Permissions

“OneClik” APT Unmasked: China-Linked Campaign Abuses Microsoft ClickOnce & AWS Cloud to Target Energy Sector

• Cybercriminals

“OneClik” APT Unmasked: China-Linked Campaign Abuses Microsoft ClickOnce & AWS Cloud to Target Energy Sector

ddos June 27, 2025

Cybercriminals have launched a large-scale campaign dubbed OneClik, targeting companies in the energy, oil, and gas sectors....

Read More Read more about “OneClik” APT Unmasked: China-Linked Campaign Abuses Microsoft ClickOnce & AWS Cloud to Target Energy Sector

RedInfraCraft V2: Automate Your Red Team Infrastructure with Ease

• Open Source Tool

RedInfraCraft V2: Automate Your Red Team Infrastructure with Ease

ddos June 13, 2025

Welcome to the RedInfraCraft (V2) Tool – your gateway to automating the deployment of robust red team infrastructures! RedInfraCraft...

Read More Read more about RedInfraCraft V2: Automate Your Red Team Infrastructure with Ease

agneyastra: Firebase Misconfiguration Detection Toolkit

• Open Source Tool

agneyastra: Firebase Misconfiguration Detection Toolkit

ddos June 10, 2025

Firebase, a versatile platform by Google, powers countless web and mobile applications with its extensive suite of...

Read More Read more about agneyastra: Firebase Misconfiguration Detection Toolkit