// 1 ZERO-DAY · 2 CVE · 3 EXPLOIT IN THE LAST 24H
CYBERSEC

CISA Contractor Exposed AWS GovCloud Credentials and Plaintext Passwords on GitHub for Months

A federal contractor at Nightwing exposed administrative AWS GovCloud credentials and internal passwords in plaintext on GitHub for ov…

May 18, 2026 · views - 158

CYBERSEC

ShinyHunters: A Serial Extortion Campaign Targets Enterprise SaaS (May 2026)

Between May 7 and May 18, 2026, ShinyHunters targeted Canvas, 7-Eleven, and Grafana in a high-profile data extortion spree. While Inst…

May 18, 2026 · views - 62

CYBERSEC

Grafana Refuses Ransom Following GitHub Token Theft and Codebase Breach

Grafana Labs has confirmed that a stolen GitHub access token allowed attackers to exfiltrate its source code. Despite extortion attemp…

May 18, 2026 · views - 82

VULN · CRITICAL

GitHub Enterprise RCE: A Single 'git push' Puts Corporate Backends at Risk

CVE-2026-3854 allows Remote Code Execution on GitHub Enterprise Server via user-controlled push options. Reports indicate that 88% of…

May 15, 2026 · views - 74

CYBERSEC

NVIDIA Confirms GeForce NOW Data Breach via Armenian Partner

NVIDIA has confirmed that a regional partner in the GeForce NOW Alliance suffered a breach exposing user personal data. While central…

May 09, 2026 · views - 83

CYBERSEC

Zara Data Breach: 197,000 Emails Exposed via Compromised Anodot Tokens

Threat actor ShinyHunters has published a 140 GB Zara dataset allegedly obtained via compromised Anodot authentication tokens. Have I…

May 08, 2026 · views - 83

MALWARE

BRICKSTORM: CISA and NSA Alert on Evolving Rust Backdoor Targeting vSphere

Cybersecurity agencies have updated their Malware Analysis Report for BRICKSTORM, a sophisticated ELF backdoor targeting VMware vSpher…

May 06, 2026 · views - 118

CYBERSEC

Multi-Ecosystem Sleeper Packages Target CI Pipelines for Credential Theft and Persistence

At least two distinct campaigns have deployed malicious sleeper packages across RubyGems, npm, and Go modules to harvest developer cre…

May 06, 2026 · views - 57

CYBERSEC

Vimeo Data Breach: 119,200 Emails Exposed via Anodot Integration

In May 2026, the ShinyHunters threat group published a 106 GB Vimeo archive stolen via the anomaly detection platform Anodot. The leak…

May 05, 2026 · views - 69

CYBERSEC

Vishing and AiTM Bypass MFA: Invisible Extortion in SaaS

Criminal groups like Cordial Spider use vishing and AiTM to bypass MFA and target SaaS environments. Protect your corporate data from…

May 01, 2026 · views - 41

CYBERSEC · CVE

CVE-2026-41940: cPanel Bypass Risk and Mitigations

Analysis of CVE-2026-41940, a critical cPanel vulnerability with CVSS 9.8. Exploited for months, here is its impact on millions of ser…

Apr 30, 2026 · views - 59

VULN · EXPLOIT

Linux Copy Fail Risk: The Invisible 4-Byte Root Exploit

The Linux Copy Fail vulnerability allows root escalation in 4 bytes, corrupting only RAM. Discover the impact on Kubernetes and how to…

Apr 30, 2026 · views - 44