Cloud Security Archives • Daily CyberSecurity

Critical Policy Bypass Flaw Threatens OpenStack Mistral Workflow Environments Mistral policy bypass flaw arbitrary code execution CVE-2024-40767 Keystone Vulnerability S3 Bypass

Critical Policy Bypass Flaw Threatens OpenStack Mistral Workflow Environments

Do Son June 5, 2026

Insufficient Access Controls inside Mistral API OpenStack Mistral workflow service users must address a critical security vulnerability...

Microsoft Exposes Malicious Typosquat Cluster Targeting Cloud Environments npm supply chain attack credential harvesting malware

Microsoft Exposes Malicious Typosquat Cluster Targeting Cloud Environments

Do Son May 29, 2026

Urgent Alert for DevOps Engineers Microsoft security analysts recently identified an active threat vector targeting modern software...

State-Sponsored Actors Operationalize ROADtools Framework in Cloud Campaigns ROADtools cloud attack toolkit

State-Sponsored Actors Operationalize ROADtools Framework in Cloud Campaigns

Do Son May 28, 2026

Security analysts have released a comprehensive analysis regarding specialized offensive tools in modern network breaches. Specifically, hackers...

Host-Root Escape Vulnerability Uncovered in Kata Containers Kata Containers container escape

Host-Root Escape Vulnerability Uncovered in Kata Containers

Do Son May 28, 2026

Security researchers have discovered a critical vulnerability in the open-source lightweight virtualization project, Kata Containers. Specifically, this...

Unauthenticated Execution Threatens Kubernetes Clusters critical Fission router vulnerability

Unauthenticated Execution Threatens Kubernetes Clusters

Do Son May 27, 2026

Security researchers have uncovered a severe flaw in a popular open-source serverless platform. Specifically, the newly discovered...

Critical Dell Container Storage Modules Vulnerability Exposes Infrastructure

Do Son May 26, 2026

Dell has issued an urgent security update to address a maximum severity flaw in its cloud storage...

Cloud Under Siege: Persistent P2Pinfect Botnet Activity Discovered in Kubernetes Environments

Do Son May 24, 2026

Security researchers have discovered a stealthy cloud threat hiding inside enterprise cloud environments. Specifically, FortiGuard Labs recently...

Inside UNC6671’s “BlackFile” Cloud Extortion Campaigns UNC6671 BlackFile Cloud Attacks AiTM MFA Bypass Okta Microsoft

Inside UNC6671’s “BlackFile” Cloud Extortion Campaigns

Do Son May 20, 2026

A sophisticated identity-centric threat actor operating under the brand “BlackFile” has spent the early months of 2026...

Resurgent Tycoon 2FA Adopts OAuth Device Code Phishing to Hijack Microsoft 365 Tycoon 2FA Phishing Kit OAuth Device Code Phishing

Resurgent Tycoon 2FA Adopts OAuth Device Code Phishing to Hijack Microsoft 365

Do Son May 19, 2026

Just weeks after a massive international law enforcement operation dismantled its primary server infrastructure, the notorious Tycoon...

Patch Now: Apache CloudStack Plugs Proxmox and KVM Exploits in New LTS Release CloudStack VM Hijacking Apache CloudStack Security Update CVE-2024-42062 and CVE-2024-42222 - Apache CloudStack

CloudStack VM Hijacking Apache CloudStack Security Update CVE-2024-42062 and CVE-2024-42222 - Apache CloudStack

Patch Now: Apache CloudStack Plugs Proxmox and KVM Exploits in New LTS Release

Do Son May 11, 2026

The Apache CloudStack project has urgently rolled out Long Term Support (LTS) versions 4.20.3.0 and 4.22.0.1 to...

Scammers Weaponize Amazon SES to Bypass Security Amazon SES Phishing AWS IAM Credential Leak

Scammers Weaponize Amazon SES to Bypass Security

Do Son May 5, 2026

A recent report from Kaspersky Labs reveals a disturbing surge in phishing campaigns leveraging Amazon Simple Email...

Multi Apache Polaris Flaws Granting Unauthorized Multi-Cloud Access Apache Polaris Security Iceberg Credential Bypass

Multi Apache Polaris Flaws Granting Unauthorized Multi-Cloud Access

Do Son May 5, 2026

The Apache Polaris project, a popular open-source catalog for Apache Iceberg, has released a major security update...

The Shittrix Disclosure: 89 Flaws Collapse 20 Years of Trust in Citrix and XCP-ng Shittrix Disclosure Hypervisor Vulnerabilities

The Shittrix Disclosure: 89 Flaws Collapse 20 Years of Trust in Citrix and XCP-ng

Do Son April 29, 2026

Independent security researcher Jakob Wolffhechel has publicly disclosed 89 vulnerabilities impacting Citrix XenServer/Hypervisor and its open-source counterpart,...

UNC6692 Uses MS Teams and Cloud Reputations to Hijack Active Directory UNC6692 SNOW Malware Suite

UNC6692 Uses MS Teams and Cloud Reputations to Hijack Active Directory

Do Son April 27, 2026

A sophisticated new threat actor, UNC6692, is redefining the art of the initial breach. According to a...

AI in the Driver’s Seat: How the ‘Bissa’ Scanner Hijacked 900+ Firms in Weeks AI-Assisted Exploitation Bissa Scanner

AI in the Driver’s Seat: How the ‘Bissa’ Scanner Hijacked 900+ Firms in Weeks

Do Son April 24, 2026

Researchers from The DFIR Report recently discovered an exposed command-and-control server that provided a rare look into...

CVE-2026-33626: High-Severity SSRF Exploited in the Wild to Hijack AI Inference Engines CVE-2026-33626 LMDeploy SSRF

CVE-2026-33626: High-Severity SSRF Exploited in the Wild to Hijack AI Inference Engines

Do Son April 23, 2026

On April 21, 2026, a high-severity Server-Side Request Forgery (SSRF) vulnerability was disclosed in LMDeploy, a popular...

Supply Chain Alert: TeamPCP Strikes Popular AI Framework Xinference Xinference Supply Chain Attack TeamPCP

Supply Chain Alert: TeamPCP Strikes Popular AI Framework Xinference

Do Son April 23, 2026

The Python ecosystem is reeling from a sophisticated supply chain attack targeting Xinference (Xorbits Inference), a widely...

The Dual CVSS 10.0 RCE Flaws Threatening Spinnaker Pipelines

Do Son April 21, 2026

A pair of critical remote code execution (RCE) vulnerabilities has been disclosed in Spinnaker, the heavyweight open-source...

The Price of Privacy: Atlassian to Train AI on Jira and Confluence Data Starting August 2026 CVE-2024-21687 & CVE-2024-21686 Atlassian AI data contribution

CVE-2024-21687 & CVE-2024-21686 Atlassian AI data contribution

The Price of Privacy: Atlassian to Train AI on Jira and Confluence Data Starting August 2026

Do Son April 21, 2026

The prominent software conglomerate Atlassian has recently revised its data contribution policy, announcing that effective August 17,...

Fabricked: The 100% Deterministic Attack Breaking AMD’s Confidential Computing Vault Fabricked Attack AMD SEV-SNP

Fabricked: The 100% Deterministic Attack Breaking AMD’s Confidential Computing Vault

Do Son April 20, 2026

In the high-stakes world of cloud security, the promise of Confidential Computing is simple: your data should...

Critical Alert 1 Active Exploit Detected Today