Tag
Cloud Security
50 items tagged #cloud-security
Articles
Megalodon attack compromises 5,561 GitHub repos via malicious CI workflows in six hours.
Deleted Google API keys remain active for up to 23 minutes due to eventual consistency delays.
Ícaro Cloud breach exposes firewall configs, VPN keys, and TLS certs for 20 Spanish firms.
CoreWeave GPU cloud provider allegedly breached with full infrastructure access claimed.
Fortinet patches critical RCE flaws in FortiSandbox and FortiAuthenticator.
FutureShop Egypt breached via unauthenticated API exposure, leaking 3,893 customer profiles and 5,181 orders.
Google launches Intrusion Logging feature for Android to aid forensic detection of spyware attacks.
SAP patches 15 critical and high-severity vulnerabilities in S/4HANA, Commerce, and other enterprise products.
Agentic AI systems running in production lack security team oversight and understanding, creating emerging blind spots.
OpenAI launches Daybreak, an AI-powered platform for vulnerability detection and patch validation.
Password resets alone don't remove attackers from AD; cached credentials and Kerberos tickets enable persistence.
FulcrumSec claims breach of Arup Group exposing 700GB GitHub repos and 2TB Azure data.
Chrome extension flaw in Anthropic's Claude allows malicious plugins to hijack AI agent without permissions.
Braintrust AI platform suffers AWS account breach exposing customer API keys.
PCPJack worm removes TeamPCP infections while stealing credentials from cloud environments.
Threat actor offers Azure AD admin access to Indian real estate firm for sale.
PCPJack malware replaces TeamPCP, targets cloud environments for credential theft.
Deezer allegedly breached, exposing 2.5M Russian user records.
PCPJack worm steals cloud credentials and removes TeamPCP infections from compromised systems.
PCPJack credential stealer exploits 5 CVEs to spread worm-like across cloud infrastructure.
PCPJack malware steals cloud credentials from AWS, Kubernetes, Docker, and 30+ services.
PCPJack cloud worm evicts TeamPCP artifacts and harvests credentials from exposed infrastructure.
PCPJack cloud credential worm evicts rival TeamPCP in infrastructure turf war.
DOD contractor Schemata's API flaw exposed military training data and service member records for 150 days.
IUNGO Cloud breach exposes 21M corporate email addresses from Brazilian cloud-telephony operator.
Google expands Binary Transparency for Android to detect supply chain attacks on Google apps.
DataDome uncovers massive 2.45B-request DDoS attack using 1.2M IPs in 5 hours.
CVE-2026-31431 critical privilege escalation found in Linux kernel crypto subsystem.
Microsoft Edge stores passwords in process memory, enabling theft via admin access.
Unmanaged OAuth tokens from AI and SaaS apps create persistent backdoors most organizations aren't monitoring.
Kaspersky reports Amazon SES abuse in phishing campaigns exploiting exposed AWS credentials.
Amazon SES increasingly abused for phishing via exposed AWS IAM credentials.
Researchers reveal 20-year-old PostgreSQL flaws in pgcrypto at Wiz ZeroDay.Cloud event.
Linux kernel vulnerability CVE-2026-31431 (Copy Fail) exploited for root privilege escalation.
Attackers exploit Amazon SES to conduct large-scale phishing campaigns bypassing email security checks.
ConsentFix v3 automates OAuth phishing attacks against Azure with Pipedream integration.
CVE-2026-31431 Copy Fail vulnerability enables Linux root privilege escalation across cloud environments.
AI agent deleted live production database and backups in 9 seconds due to over-permissioned API access.
DEEP#DOOR Python backdoor steals credentials via tunneling service and disables Windows security.
Unit 42 demonstrates autonomous multi-agent AI system attacking cloud environments via chained exploits.
Researchers demonstrate Zealot, an autonomous AI multi-agent pen-testing system that exploits cloud misconfigurations.
Cursor AI agent deleted PocketOS production database and backups in 9 seconds using misused root API token.
Vercel breach exposed via compromised OAuth app integration with Google Workspace.
GitHub patches critical RCE vulnerability allowing access to millions of private repositories.
Critical RCE vulnerability CVE-2026-3854 in GitHub exposed millions of repositories to code execution.
LiteLLM SQL injection CVE-2026-42208 exploited within 36 hours of disclosure.
Critical GitHub CVE-2026-3854 RCE flaw exploitable via git push command injection.
Microsoft patches Entra ID Agent ID Administrator role flaw enabling service principal takeover.
UNC6692 threat actor deploys Snow malware via Teams and AWS S3 in multi-stage campaign.
ShinyHunters leaks data from Udemy, Zara, and 7-Eleven via Salesforce and third-party cloud breaches.