Cloud Security Archives • Page 5 of 6 • Daily CyberSecurity

Azure to Enforce MFA for All Resource Management Operations Azure outage, Front Door Microsoft Azure Surveillance, Gaza Call Records Red Sea cables, Azure outage MFA enforcement Azure outage, Red Sea cables Azure Key Vault Azure, Surveillance

Azure outage, Front Door Microsoft Azure Surveillance, Gaza Call Records Red Sea cables, Azure outage MFA enforcement Azure outage, Red Sea cables Azure Key Vault Azure, Surveillance

Azure to Enforce MFA for All Resource Management Operations

Do Son September 8, 2025

As cyberattacks grow in frequency, sophistication, and impact, Microsoft is doubling down on its commitment to protect...

50,000 Emails a Day: How a Cloud Flaw Is Fueling Phishing Campaigns phishing-3390518_1280

50,000 Emails a Day: How a Cloud Flaw Is Fueling Phishing Campaigns

Do Son September 8, 2025

The Wiz Research team has revealed details of a May 2025 phishing campaign that weaponized Amazon Simple...

The Master Key: Exposed JSON File Gives Attackers Full Control of Azure AD Azure AD, misconfiguration

The Master Key: Exposed JSON File Gives Attackers Full Control of Azure AD

Do Son September 2, 2025

Resecurity’s HUNTER Team uncovered a severe misconfiguration: sensitive Azure Active Directory (Azure AD) application credentials exposed in...

Malware-less Ransomware: How Storm-0501 is Pivoting to Cloud-Native Attacks Storm-0501, cloud ransomware

Malware-less Ransomware: How Storm-0501 is Pivoting to Cloud-Native Attacks

Do Son August 29, 2025

Microsoft Threat Intelligence has published new research into Storm-0501, a financially motivated threat actor that has dramatically...

Tencent Cloud’s Misconfiguration Exposed Internal Source Code and Credentials Booking.com Data Breach Claude Code Leak Anthropic Source Code YggTorrent data breach PS5 BootROM key leak 2026, PlayStation 5 unpatchable jailbreak Great Firewall data leak Dating App Breach, Tea App Leak 23andMe Data Leak

Booking.com Data Breach Claude Code Leak Anthropic Source Code YggTorrent data breach PS5 BootROM key leak 2026, PlayStation 5 unpatchable jailbreak Great Firewall data leak Dating App Breach, Tea App Leak 23andMe Data Leak

Tencent Cloud’s Misconfiguration Exposed Internal Source Code and Credentials

Do Son August 28, 2025

Cybersecurity researchers from CYBERNEWS recently published a report disclosing a serious security issue uncovered in Tencent Cloud,...

How Attackers Exploit and Then Patch a Vulnerability to Hide in Linux Systems Apache ActiveMQ, self-patching malware

How Attackers Exploit and Then Patch a Vulnerability to Hide in Linux Systems

Do Son August 21, 2025

Red Canary has revealed a sophisticated attack campaign targeting cloud-based Linux systems through a critical remote code...

The OAuth Phishing Trap: Proofpoint Exposes AiTM Attacks That Bypass MFA to Hijack Cloud Accounts Fake Microsoft landing page, capturing MFA

The OAuth Phishing Trap: Proofpoint Exposes AiTM Attacks That Bypass MFA to Hijack Cloud Accounts

Do Son August 2, 2025

Proofpoint has revealed a persistent wave of adversary-in-the-middle (AiTM) phishing campaigns that exploit Microsoft OAuth applications to...

Soco404: New Stealthy Cryptojacking Campaign Exploits Cloud Misconfigurations and PostgreSQL to Mine Crypto

Do Son July 25, 2025

Wiz Research has uncovered a persistent and evolving cryptojacking operation known as “Soco404,” a campaign that exploits...

Critical Manager.io Flaw (CVE-2025-54122, CVSS 10.0) Allows Unauthenticated SSRF & Cloud Takeover Manager.io SSRF, Accounting Software Vulnerability

Manager.io SSRF, Accounting Software Vulnerability

Critical Manager.io Flaw (CVE-2025-54122, CVSS 10.0) Allows Unauthenticated SSRF & Cloud Takeover

Do Son July 23, 2025

A newly disclosed critical vulnerability in Manager.io, a free accounting software used by businesses across Australia and...

HazyBeacon: Novel Backdoor Uses AWS Lambda for Stealthy C2, Targets Govts

Do Son July 15, 2025

Researchers from Unit 42 at Palo Alto Networks have uncovered a novel backdoor—HazyBeacon—used by a threat cluster...

SCATTERED SPIDER Infiltrates Airlines: Ransomware, vCenter Hijacks, and Voice Phishing Unleashed SCATTERED SPIDER, ransomware

SCATTERED SPIDER Infiltrates Airlines: Ransomware, vCenter Hijacks, and Voice Phishing Unleashed

Do Son July 4, 2025

The eCrime group known as SCATTERED SPIDER has recently extended its focus beyond insurance and retail to...

Synology ABM Flaw (CVE-2025-4679) Leaks Global Client Secret, Exposing ALL Microsoft 365 Tenants Synology ABM, Microsoft 365 Vulnerability

Synology ABM Flaw (CVE-2025-4679) Leaks Global Client Secret, Exposing ALL Microsoft 365 Tenants

Do Son June 30, 2025

A security vulnerability in Synology’s Active Backup for Microsoft 365 (ABM) software has exposed countless organizations’ cloud...

OneClik” APT Unmasked: China-Linked Campaign Abuses Microsoft ClickOnce & AWS Cloud to Target Energy Sector CloudComputating - QSC framework

OneClik” APT Unmasked: China-Linked Campaign Abuses Microsoft ClickOnce & AWS Cloud to Target Energy Sector

Do Son June 26, 2025

The Trellix Advanced Research Center has unveiled a covert and highly sophisticated APT malware campaign dubbed OneClik,...

From Bypass to Root: Mandiant Red Team Exploits CVE-2025-2171 and CVE-2025-2172 in Aviatrix Cloud Controller

Do Son June 24, 2025

Mandiant successfully breached a fully patched instance of the Aviatrix Controller—a central component in Software-Defined Networking (SDN)...

EKS Security Alert: Overprivileged Containers Exposing AWS Credentials via Unencrypted API

Do Son June 23, 2025

In the complex world of cloud-native applications, Kubernetes and Amazon Elastic Kubernetes Service (EKS) have become the...

Tor Meets Docker: Sophisticated Crypto-Mining Campaign Hijacks Misconfigured APIs

Do Son June 19, 2025

Trend Micro researchers have uncovered a stealthy new attack method that fuses misconfigured Docker remote APIs with...

Critical Apache CloudStack Flaws Expose Kubernetes & Admin Accounts! CVE-2024-50386 Apache CloudStack, Critical Vulnerabilities

Critical Apache CloudStack Flaws Expose Kubernetes & Admin Accounts!

Do Son June 11, 2025

The Apache CloudStack project has released new Long-Term Support (LTS) versions—4.19.3.0 and 4.20.1.0—to address five security vulnerabilities,...

High-Severity Flaw in Kibana: Unauthorized Access Possible in Synthetic Monitoring! Kibana Vulnerability, Elastic Security

High-Severity Flaw in Kibana: Unauthorized Access Possible in Synthetic Monitoring!

Do Son June 11, 2025

Elastic has disclosed a high-severity vulnerability (CVE-2024-43706) affecting its Kibana observability platform, specifically in the Synthetic Monitoring...

Salesforce OmniStudio Flaws Expose Encrypted Data Salesforce, OmniStudio