Cloud Security Archives • Page 2 of 6 • Daily CyberSecurity

Triad Nexus’ $300M “Infrastructure Laundering” Machine Exposed Infrastructure Laundering Triad Nexus

Triad Nexus’ $300M “Infrastructure Laundering” Machine Exposed

Do Son April 17, 2026

The threat group known as Triad Nexus has successfully bypassed international sanctions to reinstate a global fraud...

Critical 9.1 Bypass in OAuth2 Proxy Exposes Upstream Resources OAuth2 Proxy Auth Bypass CVE-2026-34457 OAuth2-Proxy, Authentication Bypass

Critical 9.1 Bypass in OAuth2 Proxy Exposes Upstream Resources

Do Son April 16, 2026

In the world of cloud-native security, OAuth2 Proxy serves as a vital gatekeeper, providing a flexible and...

Critical 9.8 Webex Flaw Lets Attackers Impersonate Any User Cisco Webex SSO Webex Impersonation Flaw

Critical 9.8 Webex Flaw Lets Attackers Impersonate Any User

Do Son April 16, 2026

In the modern enterprise, the Single Sign-On (SSO) portal is the master key to a company’s digital...

High-Severity Authentication Bypass Discovered in MinIO Storage MinIO Signature Bypass Unauthenticated Object Write MinIO Privilege Escalation, Policy Bypass CVE-2024-55949

MinIO Signature Bypass Unauthenticated Object Write MinIO Privilege Escalation, Policy Bypass CVE-2024-55949

High-Severity Authentication Bypass Discovered in MinIO Storage

Do Son April 15, 2026

A significant security vulnerability has been identified in MinIO, the high-performance, S3-compatible object storage solution widely used...

Attackers Weaponize Mailbox Rules to Control Your Inbox M365 Persistence Malicious Mailbox Rules

Attackers Weaponize Mailbox Rules to Control Your Inbox

Do Son April 15, 2026

In the modern landscape of Microsoft 365 security, the most dangerous threat might not be a sophisticated...

APT41’s New “Zero-Detection” Backdoor Targets Linux Workloads APT41 Linux Backdoor SMTP Command and Control

APT41’s New “Zero-Detection” Backdoor Targets Linux Workloads

Do Son April 15, 2026

A sophisticated new threat has been unmasked targeting the heart of enterprise cloud infrastructure. Researchers from Breakglass...

OpenStack Keystone Flaw Grants Access to Disabled LDAP Users CVE-2024-44082 - OpenStack Ironic OpenStack Keystone LDAP Identity Service Vulnerability

CVE-2024-44082 - OpenStack Ironic OpenStack Keystone LDAP Identity Service Vulnerability

OpenStack Keystone Flaw Grants Access to Disabled LDAP Users

Do Son April 15, 2026

In the complex machinery of cloud identity management, a single misinterpretation of data can lead to a...

Juju’s CVSS 10 Flaw Hands Over Master Cloud Credentials

Do Son April 14, 2026

Juju, the popular open-source application orchestration engine, is facing a critical security emergency. A newly discovered vulnerability,...

CVE-2026-40175 (CVSS 10): Critical Axios Vulnerability and Exploit Code Disclosed Publicly Axios proxy vulnerabilities prototype pollution gadget Axios Vulnerability Cloud Hijacking Axios npm supply chain attack Axios Vulnerability Node.js DoS CVE-2025-58754 CVE-2025-27152 Axios Vulnerability, Form-Data Flaw

Axios proxy vulnerabilities prototype pollution gadget Axios Vulnerability Cloud Hijacking Axios npm supply chain attack Axios Vulnerability Node.js DoS CVE-2025-58754 CVE-2025-27152 Axios Vulnerability, Form-Data Flaw

CVE-2026-40175 (CVSS 10): Critical Axios Vulnerability and Exploit Code Disclosed Publicly

Do Son April 12, 2026

A critical security vulnerability in Axios, the ubiquitous promise-based HTTP client for Node.js and the browser, has...

Cloud Engineering at Risk: AWS Patches Critical Privilege Escalation and RCE Flaws in RES AWS RES Security Cloud Privilege Escalation

Cloud Engineering at Risk: AWS Patches Critical Privilege Escalation and RCE Flaws in RES

Do Son April 9, 2026

Amazon Web Services (AWS) has released urgent security updates for its Research and Engineering Studio (RES), an...

OpenStack Keystone Flaw Grants Full S3 Access via Restricted Credentials, PoC Available Mistral policy bypass flaw arbitrary code execution CVE-2024-40767 Keystone Vulnerability S3 Bypass

OpenStack Keystone Flaw Grants Full S3 Access via Restricted Credentials, PoC Available

Do Son April 9, 2026

A significant security vulnerability has been uncovered in OpenStack Keystone, the identity service that serves as the...

Firecracker Security Alert: Virtio-PCI Vulnerability Could Lead to Out-of-Bounds Memory Access Firecracker Vulnerability Virtio-PCI OOB Write

Firecracker Vulnerability Virtio-PCI OOB Write

Firecracker Security Alert: Virtio-PCI Vulnerability Could Lead to Out-of-Bounds Memory Access

Do Son April 8, 2026

AWS has issued a high-severity security advisory for Firecracker, the open-source virtualization technology purpose-built for high-scale, multi-tenant...

UAT-10608 Uses a Next.js “React2Shell” Flaw to Map Your Entire Cloud NEXUS Listener React2Shell Vulnerability

UAT-10608 Uses a Next.js “React2Shell” Flaw to Map Your Entire Cloud

Do Son April 7, 2026

Cisco Talos has revealed a major automated credential harvesting campaign, tracked as UAT-10608, that has already compromised...

GPUBreach Rowhammer Hijacks GPUs for Full System Root GPUBreach GPU Rowhammer

GPUBreach Rowhammer Hijacks GPUs for Full System Root

Do Son April 7, 2026

Researchers from the University of Toronto have demonstrated that Rowhammer attacks on GPUs can move far beyond...

CVE-2026-4370 (CVSS 10): Critical Juju Flaw Grants Attackers Total Infrastructure Control

Do Son April 3, 2026

The cybersecurity community is on high alert following the discovery of a critical security flaw in Juju,...

Google Drive Deploys AI-Powered Ransomware Shields for All Users Google Drive ransomware detection

Google Drive Deploys AI-Powered Ransomware Shields for All Users

Do Son March 31, 2026

In September 2025, Google unveiled experimental ransomware detection and file restoration capabilities to a select cohort of...

Apple Google EU alliance DMA European Commission Breach Trivy Supply Chain Attack Europa.eu Breach EU Cloud Infrastructure EU Cyber Sanctions State-Sponsored Hacking EU 2040 Emissions Target, Europe Climate Leadership AWS Azure DMA Cloud Gatekeeper DSA violation, illegal content Apple DMA Delay, iPhone Mirroring EU EU Age Verification, Google Play Integrity Corning Antitrust, EU Competition Apple EU Digital Markets Act App Store commission European Union cyberattacks - InvestAI EU Targets Musk’s X Digital Markets Act, EU fines

EU Confirms Data Exfiltration in Attack on Europa.eu Cloud Infrastructure

Do Son March 30, 2026

The European Commission has disclosed a significant cyber-attack targeting the cloud infrastructure that hosts its primary web...

Critical 9.4 CVSS Flaw Exposes Harbor Registries to Total Hijack Harbor Registry Supply Chain Attack

Critical 9.4 CVSS Flaw Exposes Harbor Registries to Total Hijack

Do Son March 25, 2026

The CERT Coordination Center (CERT/CC) has issued a critical security warning regarding GoHarbor’s Harbor, a widely used...

95 Million Downloads Hijacked: The LiteLLM PyPI Backdoor Targeting AI Developers LiteLLM PyPI Supply Chain Attack

95 Million Downloads Hijacked: The LiteLLM PyPI Backdoor Targeting AI Developers

Do Son March 25, 2026

A relentless cyber-espionage campaign has expanded its reach into the heart of the AI development ecosystem. Security...

Edge of Disaster: Critical 9.8 CVSS Flaw in Oracle Cloud Infrastructure Toolkit Allows Complete Takeover IRGC Oracle Cloud Dubai strike Oracle global layoffs 2026 Oracle Fusion Middleware Vulnerability CVE-2026-21992 Oracle Edge Cloud Vulnerability CVE-2026-21994 Oracle Critical RCE, EBS Marketing Flaws CVE-2024-21182 PoC Exploit Oracle EBS Auth Bypass, CVE-2025-61884

IRGC Oracle Cloud Dubai strike Oracle global layoffs 2026 Oracle Fusion Middleware Vulnerability CVE-2026-21992 Oracle Edge Cloud Vulnerability CVE-2026-21994 Oracle Critical RCE, EBS Marketing Flaws CVE-2024-21182 PoC Exploit Oracle EBS Auth Bypass, CVE-2025-61884

Edge of Disaster: Critical 9.8 CVSS Flaw in Oracle Cloud Infrastructure Toolkit Allows Complete Takeover

Do Son March 18, 2026

A critical vulnerability has been identified in a key component of Oracle’s open-source portfolio, potentially handing the...

Critical Alert 1 Active Exploit Detected Today