#cloudsec — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #cloudsec, aggregated by home.social.
-
⚠️ HIGH severity: CVE-2026-9496 impacts pacote 11.2.7 in cloud-hosted setups. Crafted spec.rawSpec can trigger DoS via CPU exhaustion. Vendor patches are rolling out — verify your service is updated. No active exploitation seen. https://radar.offseq.com/threat/cve-2026-9496-denial-of-service-dos-in-pacote-27dd65a5 #OffSeq #DoS #CloudSec
-
🔑 CISA Contractor's GitHub A...
📝 CISA contractor...
📰 Contractor’s public GitHub account exposed GovCloud and CISA credentials | CSO Online
-
🔑 AWS GovCloud Keys Leaked on Github by CISA Admin
📝 CISA admin leaked AWS GovCloud API keys on Github, exposing sensitive data.
https://www.reddit.com/r/hacking/comments/1thr71i/cisa_admin_leaked_aws_govcloud_keys_on_github/
📰 hacking: security in practice
-
⚠️ CRITICAL: CVE-2026-33844 in Azure Managed Instance for Apache Cassandra allows authorized attackers to execute code remotely via improper input validation. Microsoft manages remediation — verify your instances are patched. More info: https://radar.offseq.com/threat/cve-2026-33844-cwe-20-improper-input-validation-in-b6b26cec #OffSeq #Azure #CVE #CloudSec
-
🛡️ CVE-2026-35428 (CRITICAL, CVSS 9.6) affects Microsoft Azure Cloud Shell via command injection (CWE-77). Exploitation enables spoofing over networks. Microsoft has deployed a fix — update your environments! Details: https://radar.offseq.com/threat/cve-2026-35428-cwe-77-improper-neutralization-of-s-2b3310c3 #OffSeq #Azure #Vulnerability #CloudSec
-
Join #Doyensec at #DEFCON Singapore 🇸🇬 - Demo Labs!
Our Mohamed Ouad and Francesco Lacerenza present CloudSec Tidbits: Breaking “Secure-Looking” Cloud Architectures
See real-world cloud/AppSec bugs & labs
Details - https://defcon.org/html/defcon-singapore/dc-singapore-demolabs.html
🗓 Tue 14:00 | Wed 12:00 | Thu 13:00
-
🚨 CRITICAL: CVE-2025-65037 in Azure Container Apps enables unauthenticated remote code injection (CVSS 10). No patch yet — restrict access, monitor for attacks, update IR plans. Full advisory: https://radar.offseq.com/threat/cve-2025-65037-cwe-94-improper-control-of-generati-ddd87b56 #OffSeq #Azure #CloudSec #Vulnerability
-
🚩 CoPhish phishing campaign (HIGH severity) targets Copilot Studio agents to steal OAuth tokens — enabling session hijack & cloud access. No CVE. User training, OAuth app reviews, and token monitoring are key. Details: https://radar.offseq.com/threat/new-cophish-attack-steals-oauth-tokens-via-copilot-266ec823 #OffSeq #OAuth #Phishing #CloudSec
-
⚠️ HIGH-severity operational risk: the remediation gap in multi-tool cloud environments delays fixing critical vulnerabilities. Solutions like Pentera Resolve automate and unify workflows, reducing exposure and ensuring compliance. More info: https://radar.offseq.com/threat/bridging-the-remediation-gap-introducing-pentera-r-0c2edfa6 #OffSeq #VulnMgmt #CloudSec
-
🚨 CVE-2025-55306 (CRITICAL, CVSS 9.8) in Mouy-leng GenX_FX ≤1.0.0: API keys & tokens exposed via misconfigured env vars. Risk: cloud resource takeover, data loss. Mitigate: audit configs, rotate creds, use secrets mgmt. https://radar.offseq.com/threat/cve-2025-55306-cwe-522-insufficiently-protected-cr-e9277d71 #OffSeq #CVE202555306 #CloudSec
-
Tickets booked for #fwdcloudseceurope - hope to meet some new and old faces there!
-
⚠️ CVE-2025-7342: HIGH severity vuln in Kubernetes Image Builder leaves hard-coded creds in Windows VM images (Nutanix/OVA providers). Risk of root access! Audit & replace images, monitor nodes. Details: https://radar.offseq.com/threat/cve-2025-7342-cwe-798-use-of-hard-coded-credential-e1399c12 #OffSeq #Kubernetes #Vuln #CloudSec
-
🎥 Missed one of my past conference talks? Let’s fix that.
I’m sharing my favorites—packed with real-world advice, lessons, and a few laughs.
“Cloud Native Security; Explained”
📽️ https://twp.ai/4ipSVP #CyberSecurity #SecurityAwareness #cloudsec #cloud #cloudnative
-
⚠️ CRITICAL: CVE-2025-49746 hits Azure Machine Learning. Improper authorization enables privilege escalation over the network—potential cross-tenant impact. No patch yet. Enforce least privilege, monitor access, and prep incident response! Details: https://radar.offseq.com/threat/cve-2025-49746-cwe-285-improper-authorization-in-m-bb846408 #OffSeq #Azure #CloudSec #Infosec
-
🎥 Missed one of my past conference talks? Let’s fix that.
I’m sharing my favorites—packed with real-world advice, lessons, and a few laughs.
“Cloud Native Security; Explained”
📽️ https://twp.ai/4iosID #CyberSecurity #SecurityAwareness #cloudsec #cloud #cloudnative