home.social

#cloudsec — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #cloudsec, aggregated by home.social.

  1. ⚠️ HIGH severity: CVE-2026-9496 impacts pacote 11.2.7 in cloud-hosted setups. Crafted spec.rawSpec can trigger DoS via CPU exhaustion. Vendor patches are rolling out — verify your service is updated. No active exploitation seen. radar.offseq.com/threat/cve-20 #OffSeq #DoS #CloudSec

  5. 🔑 CISA Contractor's GitHub A...

    📝 CISA contractor...

    csoonline.com/article/4173305/

    📰 Contractor’s public GitHub account exposed GovCloud and CISA credentials | CSO Online

    #DevSecOps #GovSec #CloudSec

  6. 🔑 AWS GovCloud Keys Leaked on Github by CISA Admin

    📝 CISA admin leaked AWS GovCloud API keys on Github, exposing sensitive data.

    reddit.com/r/hacking/comments/

    📰 hacking: security in practice

    #DevSecOps #GovSec #CloudSec

  7. ⚠️ CRITICAL: CVE-2026-33844 in Azure Managed Instance for Apache Cassandra allows authorized attackers to execute code remotely via improper input validation. Microsoft manages remediation — verify your instances are patched. More info: radar.offseq.com/threat/cve-20 #OffSeq #Azure #CVE #CloudSec

  11. 🛡️ CVE-2026-35428 (CRITICAL, CVSS 9.6) affects Microsoft Azure Cloud Shell via command injection (CWE-77). Exploitation enables spoofing over networks. Microsoft has deployed a fix — update your environments! Details: radar.offseq.com/threat/cve-20 #OffSeq #Azure #Vulnerability #CloudSec

  15. Join #Doyensec at #DEFCON Singapore 🇸🇬 - Demo Labs!

    Our Mohamed Ouad and Francesco Lacerenza present CloudSec Tidbits: Breaking “Secure-Looking” Cloud Architectures

    See real-world cloud/AppSec bugs & labs

    Details - defcon.org/html/defcon-singapo

    🗓 Tue 14:00 | Wed 12:00 | Thu 13:00

    #cloudsec #appsec #security

  17. 🚨 CRITICAL: CVE-2025-65037 in Azure Container Apps enables unauthenticated remote code injection (CVSS 10). No patch yet — restrict access, monitor for attacks, update IR plans. Full advisory: radar.offseq.com/threat/cve-20 #OffSeq #Azure #CloudSec #Vulnerability

  21. 🚩 CoPhish phishing campaign (HIGH severity) targets Copilot Studio agents to steal OAuth tokens — enabling session hijack & cloud access. No CVE. User training, OAuth app reviews, and token monitoring are key. Details: radar.offseq.com/threat/new-co #OffSeq #OAuth #Phishing #CloudSec

  26. ⚠️ HIGH-severity operational risk: the remediation gap in multi-tool cloud environments delays fixing critical vulnerabilities. Solutions like Pentera Resolve automate and unify workflows, reducing exposure and ensuring compliance. More info: radar.offseq.com/threat/bridgi #OffSeq #VulnMgmt #CloudSec

  29. 🚨 CVE-2025-55306 (CRITICAL, CVSS 9.8) in Mouy-leng GenX_FX ≤1.0.0: API keys & tokens exposed via misconfigured env vars. Risk: cloud resource takeover, data loss. Mitigate: audit configs, rotate creds, use secrets mgmt. radar.offseq.com/threat/cve-20 #OffSeq #CVE202555306 #CloudSec

  32. ⚠️ CVE-2025-7342: HIGH severity vuln in Kubernetes Image Builder leaves hard-coded creds in Windows VM images (Nutanix/OVA providers). Risk of root access! Audit & replace images, monitor nodes. Details: radar.offseq.com/threat/cve-20 #OffSeq #Kubernetes #Vuln #CloudSec

  35. 🎥 Missed one of my past conference talks? Let’s fix that.

    I’m sharing my favorites—packed with real-world advice, lessons, and a few laughs.

    “Cloud Native Security; Explained”
    📽️ twp.ai/4ipSVP

    #CyberSecurity #SecurityAwareness #cloudsec #cloud #cloudnative

  40. ⚠️ CRITICAL: CVE-2025-49746 hits Azure Machine Learning. Improper authorization enables privilege escalation over the network—potential cross-tenant impact. No patch yet. Enforce least privilege, monitor access, and prep incident response! Details: radar.offseq.com/threat/cve-20 #OffSeq #Azure #CloudSec #Infosec

  42. 🎥 Missed one of my past conference talks? Let’s fix that.

    I’m sharing my favorites—packed with real-world advice, lessons, and a few laughs.

    “Cloud Native Security; Explained”
    📽️ twp.ai/4iosID

    #CyberSecurity #SecurityAwareness #cloudsec #cloud #cloudnative
