Cloud Security

New Chaos malware variant targets misconfigured cloud deployments, adds SOCKS proxy capability.

Salt Security report: 92% of orgs lack security maturity for AI agents despite 66% API growth surge.

Russian Forest Blizzard group hijacks home routers for DNS-based espionage targeting 5,000+ devices globally.

Grafana patches AI vulnerability allowing data exfiltration via malicious web instructions.

Docker CVE-2026-34040 allows attackers to bypass authorization plugins and gain host access.

Forest Blizzard compromises SOHO routers for DNS hijacking and AiTM attacks on Microsoft services.

Researchers demonstrate GPU Rowhammer attack enabling root shell access via memory corruption.

GPUBreach attack enables full CPU privilege escalation via GDDR6 RowHammer bit-flips in NVIDIA GPUs.

GPUBreach attack exploits GPU rowhammer to enable privilege escalation and full system compromise.

Iran-linked actor wages password-spraying campaign against 300+ Israeli Microsoft 365 organizations.

TeamPCP compromised LiteLLM PyPI packages to inject infostealer malware targeting developer credentials.

Google commits to post-quantum cryptography transition by 2029.

European Commission confirms 300GB data theft via compromised Trivy vulnerability scanner supply chain attack.

Google Cloud Vertex AI Agent Engine has critical permission flaw enabling unauthorized access and data exfiltration.

European Commission cloud breach via compromised AWS key exposes data of 30 EU entities.

ShinyHunters claims theft of 3M+ Cisco records via Salesforce and AWS, threatens April 3 leak.

Hackers exploit CVE-2025-55182 in Next.js to breach 766 hosts and steal credentials via NEXUS Listener.

Residential proxies evaded IP reputation checks in 78% of 4B malicious sessions over three months.

Chrome zero-day CVE-2026-5281 use-after-free vulnerability discovered in Dawn WebGPU layer.

ShadowByt3s claims 10GB Starbucks breach via misconfigured S3 bucket with source code, firmware, and management tools.

ShadowByt3s claims breach of Starbucks S3 bucket containing 10GB of source code and firmware.

Threat group ShadowByt3s claims breach of Starbucks with 10GB stolen source code from S3 bucket.

Threat actor AckLine claims to have leaked Airbus Artifactory/DevOps data on cybercrime forum.

FulcrumSec breaches three AI/insurance firms via unpatched CVE, exposes 23K policyholders and $797M in premiums.

FulcrumSec breaches three AI/insurance firms, exposing 23K policyholders and $797M in premiums via unpatched AWS.

Microsoft warns of WhatsApp-delivered VBS malware using UAC bypass and living-off-the-land techniques.

Palo Alto researchers weaponize Google Vertex AI agents, exposing excessive service account permissions and insider

Google Drive ransomware detection now enabled by default for paid workspace users.

Iran's IRGC threatens coordinated cyberattacks on US tech firms starting April 1.

TeamPCP threat group breaches cloud and SaaS instances using stolen credentials.

TeamPCP threat group pivots from OSS supply chain attacks to AWS credential exfiltration and lateral movement.

ShinyHunters claims 350GB theft from European Commission cloud infrastructure.

European Commission confirms data breach after ShinyHunters hacks Europa.eu AWS platform.

White House Android app contains cookie/paywall bypass injector, GPS tracking every 4.5 minutes, and external

European Commission reports AWS account breach; hacker claims 350 GB data theft.

Over 30 Claro Cloud customer websites allegedly compromised and offered for sale on cybercrime forum.

Google commits to quantum-safe cryptography migration by 2029.

European Commission investigating breach after threat actor compromised Amazon cloud account with 350GB stolen data.

European Commission investigating breach after threat actor accessed Amazon cloud infrastructure and stole 350 GB of

Sucuri blog details web shell threats, types, and mitigation strategies for compromised web servers.

Google announces Post-Quantum Cryptography integration in Android 17 with ML-DSA signatures.

Unit 42 analyzes Google Authenticator's synced passkey architecture and hidden attack surface.

TeamPCP backdoors LiteLLM Python package versions 1.82.7–1.82.8 with credential harvester and Kubernetes lateral

TeamPCP compromises Checkmarx GitHub Actions using stolen CI credentials from Trivy breach.

Gcore Radar reports 150% YoY surge in DDoS attacks with 12 Tbps peak volume in Q4 2025.

Threat actor claims 590TB data theft from OVHcloud in shared file tree.

Threat actor claims breach of OVHcloud, Europe's largest hosting provider, on dark web.

Threat actor 'vexin' sells compromised cloud access for 7 organizations across India, Brazil, Colombia at 50% discount.

Forescout report shows routers now primary enterprise threat vector, surpassing PCs.

TeamPCP deploys CanisterWorm wiper targeting Iran via compromised cloud infrastructure.