Cloud
Curated coverage and analysis in this editorial area.
Unit 42: Cloud Buckets Hijackable via Delete-and-Recreate
Unit 42 research shows how globally unique bucket names enable silent redirection of logs and messages across cloud accounts. Cross-CS…
systemd 261: Software TPM and Native Installer Rewrite the Rules
systemd 261 expands the project's scope well beyond its traditional init system role, introducing a software TPM based on IBM swtpm, a…
Attack Surface 2026: 42% of Companies Have Databases Exposed to the Internet
Intruder's report on 3,000 organizations reveals the midmarket paradox: growing companies with enterprise-scale attack surfaces and SM…
Klue Breach: Dormant OAuth Credential Opens Multi-Victim Door to Salesforce
The Icarus extortion group exfiltrated CRM data from Klue customers by abusing stolen OAuth tokens. Cybersecurity vendor Huntress conf…
Splunk Enterprise PostgreSQL Sidecar Bug (CVSS 9.8) Enables Unauthenticated RCE
CVE-2026-20253 allows unauthenticated remote code execution on Splunk Enterprise. The web proxy on port 8000 exposes an internal Postg…
Vertex AI SDK: Cross-Tenant Bucket Squatting Enabled RCE
Google Cloud Vertex AI SDK versions 1.139.0 through 1.140.0 were vulnerable to cross-tenant bucket squatting leading to remote code ex…
CVE-2026-3886: QEMU virtio-gpu Integer Overflow Enables Guest-to-Host Escape
An integer overflow in QEMU’s virtio-gpu driver allows local privilege escalation from guest to host with a CVSS score of 8.8. The ups…
GitLab 19.0 Debuts Native Secrets Management and Air-Gapped AI
GitLab 19.0 integrates native secrets management, agentic merge request workflows, and self-hosted AI models, reinforcing its 'single…
PoC Zealot: Autonomous AI Executes End-to-End GCP Cloud Attack
Unit 42’s Zealot project demonstrates how multi-agent AI systems can autonomously chain SSRF, credential theft, and BigQuery exfiltrat…
CISA Faces Congressional Scrutiny After Months-Long AWS GovCloud Credential Leak on GitHub
Senator Maggie Hassan has demanded a classified briefing from CISA following the discovery of a public GitHub repository that exposed…
Zealot: How Autonomous AI Orchestrates Multi-Stage Cloud Compromise
Palo Alto Networks’ Unit 42 has demonstrated Zealot, a multi-agent PoC capable of executing end-to-end cloud attack chains without hum…
Microsoft Neutralizes Fox Tempest: Malware-Signing-as-a-Service Operation Dismantled
Microsoft has disrupted Fox Tempest, a sophisticated 'Malware-Signing-as-a-Service' operation that leveraged stolen identities to expl…