Cloud & Enterprise
Cloud and enterprise IT covers identity, access, SaaS, hybrid infrastructure and corporate attack surfaces. The analysis helps readers follow risks, incidents and architectural decisions relevant to complex environments.

Novo Nordisk: Exposed GitHub Token Leads to 1.3 TB Theft Over Two Months
A GitHub personal access token exposed in client-side JavaScript opened a two-month dwell window: roughly 1.3 TB of data, AI models, a…

Klue Breach: Dormant OAuth Credential Opens Multi-Victim Door to Salesforce
The Icarus extortion group exfiltrated CRM data from Klue customers by abusing stolen OAuth tokens. Cybersecurity vendor Huntress conf…

Splunk Enterprise PostgreSQL Sidecar Bug (CVSS 9.8) Enables Unauthenticated RCE
CVE-2026-20253 allows unauthenticated remote code execution on Splunk Enterprise. The web proxy on port 8000 exposes an internal Postg…

INC Ransomware: 800 Victims, Not a Single Zero-Day
INC ranks among the world's most active ransomware groups despite relying exclusively on known techniques. The Acronis report reveals…

MySQL Exposed at 26%: The 2026 Top 10 Attack Surface Exposures
Intruder's 2026 ASM Index reveals exposed databases and admin panels as primary vectors. Time-to-exploit has collapsed to a single day…

GhostTree: The NTFS Attack That Freezes EDR
Varonis Threat Labs disclosed GhostTree, an evasion technique that neutralizes Windows Defender using recursive NTFS junctions — no el…

Vertex AI SDK: Cross-Tenant Bucket Squatting Enabled RCE
Google Cloud Vertex AI SDK versions 1.139.0 through 1.140.0 were vulnerable to cross-tenant bucket squatting leading to remote code ex…

DragonForce Weaponizes Microsoft Teams TURN Relays for Stealth C2
The DragonForce ransomware group deployed Backdoor.Turn, the first documented in-the-wild malware to abuse Microsoft Teams' legitimate…

Chinese APT UNC6508: A Year of Espionage on REDCap Servers
Google exposes UNC6508: over a year of REDCap server compromise at U.S. and Canadian medical and military institutions using InfiniteR…

ShinyHunters Hits 100+ Universities with Oracle Zero-Day
CVE-2026-35273 in PeopleSoft EMHub: unauthenticated RCE, CVSS 9.8, 68% of victims in higher education. CISA mandates patch by June 15.

Langflow CVE-2026-5027: RCE Under Active Exploitation with 7,000 Instances Exposed
A critical path traversal vulnerability in Langflow is being exploited in the wild. CVE-2026-5027 (CVSS 8.8) enables unauthenticated r…

CVE-2026-3886: QEMU virtio-gpu Integer Overflow Enables Guest-to-Host Escape
An integer overflow in QEMU’s virtio-gpu driver allows local privilege escalation from guest to host with a CVSS score of 8.8. The ups…