#cloudsecurity — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #cloudsecurity, aggregated by home.social.
-
🚨 New MEDIUM CVE detected in AWS Lambda 🚨
CVE-2026-44664 impacts fast-xml-builder in 3 Lambda base images. Details: https://github.com/aws/aws-lambda-base-images/issues/523
More: https://lambdawatchdog.com/ -
🚨 New HIGH CVE detected in AWS Lambda 🚨
CVE-2026-44665 impacts fast-xml-builder in 3 Lambda base images. Details: https://github.com/aws/aws-lambda-base-images/issues/522
More: https://lambdawatchdog.com/ -
🚨 New HIGH CVE detected in AWS Lambda 🚨
CVE-2026-44432 impacts urllib3 in 6 Lambda base images. Details: https://github.com/aws/aws-lambda-base-images/issues/521
More: https://lambdawatchdog.com/ -
🚨 New HIGH CVE detected in AWS Lambda 🚨
CVE-2026-44431 impacts urllib3 in 6 Lambda base images. Details: https://github.com/aws/aws-lambda-base-images/issues/520
More: https://lambdawatchdog.com/ -
🚨 Lambda Watchdog CVE Report 🚨
Latest AWS Lambda image scan detected 49 CVEs across 26 images:
• 🔴 Critical: 1
• 🟠 High: 22
• 🟡 Medium: 23
• 🔵 Low: 3
Check the full report 👉 https://lambdawatchdog.com/
#AWS #Lambda #CVE #CloudSecurity #Serverless -
«Why cloud lock-in becomes a security risk - digital sovereignty needs an exit plan:
By switching to open-source structures, Schleswig-Holstein sent a clear signal at the beginning of the year. Dependence on large technology corporations is not a law of nature.»
Many people in charge believe that listing the tools amounts to a plan. It is more complex and takes time.
💻 https://www.it-daily.net/it-management/cloud-computing/digitale-souveraenitaet-exit-plan
#cybersicherheit #cloudservices #itsicherheit #cloudsecurity
-
Pocket OS: AI Didn't Fail, DevOps Did 🤖🔧
AI agent deleted production database + backups in 9 seconds.
Root causes:
Token with PROD delete rights just lying around
Staging agent = PROD access
Backups on same volume
No least privilege
AI amplifies what's already there (good or bad).
Fundamentals first. Always.
-
The future of money is moving to Amsterdam, and Upsun is proud to be part of the conversation! 🇳🇱 💶
We're heading to Money20/20 to show how we're helping fintechs move from legacy complexity to seamless modernization. 😎
Stop by our booth to meet the team! 🤝
📅 June 2 – 4, 2026
📍 Amsterdam, Netherlands
👉 https://europe.money2020.com/ -
https://www.wiz.io/blog/mini-shai-hulud-strikes-again-tanstack-more-npm-packages-compromised
#CyberSecurity #InfoSec #SupplyChainSecurity #SoftwareSupplyChain #NPM #OpenSourceSecurity #AppSec #DevSecOps #ThreatIntel #Malware #JavaScript #NodeJS #CICD #GitHubActions #CloudSecurity #TypeScript #ReactJS #WebDev #OpenSource #DevTools #SoftwareEngineering #DeveloperSecurity #SecureCoding #GitHub #SupplyChainAttack #Programming #TechNews #DevOps #ApplicationSecurity #ThreatResearch #SecurityEngineering #CyberAttack #Hackers #MalwareAlert #SecurityResearch #DevCommunity -
Looking for a cloud firewall that’s not a black box?
IPFire runs on AWS as a standard AMI — transparent, open, and easy to manage.
#CloudSecurity #OpenSource #AWS #NetworkSecurity https://www.ipfire.org/downloads/cloud -
📰 Braintrust AI Platform Breach Exposes Customer API Keys in AWS Account
📢 Braintrust AI platform discloses AWS security breach. Unauthorized access to an account storing customer API keys prompts urgent rotation advisory. A significant supply chain risk for the AI ecosystem. 🤖 #Braintrust #DataBreach #CloudSecurity #AI
-
Gartner: sovereign cloud is only possible if you're American or Chinese. Everyone else is renting the illusion.
Europe produced white papers. One operator in Peel runs a genuinely sovereign stack.
The question was never capability. It was appetite.
https://haunted.lighthouse.co.im/articles/one-person-cares/?utm_source=mastodon
#DigitalSovereignty #CloudSecurity #CLOUDACT #Infrastructure -
Eliminating database password risk might sound like a dream but we are making it a reality with network isolation and SSH keys. ☁️ 🔒
By ditching default passwords and opting for private networking, you can stop worrying about credential leaks and hardcoded secrets. 🛡️
Our latest guide breaks down how we use multi-layered isolation and explicit service authorization to keep your administrative access secure. 👉 https://devcenter.upsun.com/posts/eliminating-database-pwd-risk-with-network-isolation/
-
@cryptomator
The "Cloud" is just someone else's computer—and as we see, even tech giants aren't invincible.
When big tech fails or laws compromise your privacy, having a transparent way to access and manage your own backups becomes a necessity, not a luxury.
This is why #Keepita focuses on giving users a clear window into their mobile data. Don't let your backups be a mystery hidden in someone else's vulnerable cloud.
#Keepita #DataPrivacy #MicrosoftHack #CloudSecurity #InfoSec #SelfCustody -
https://www.europesays.com/britain/31676/ UK firms urged to track hidden cyber attack surface #ApplicationInfrastructure #ApplicationProgrammingInterface(API) #AssetDiscovery #AttackSurfaceManagement #Cloud #CloudSecurity #CyberAttacks #Cybersecurity #DarkWeb #DataBreach #DigitalFootprint #DigitalTransformation #EnterpriseSecurity #ExternalAttackSurfaceManagement #Infosec #OpenSource #Phishing #ShadowIT #SupplyChain #SupplyChainSecurity #ThreatLandscape #UK #UnitedKingdom #UnitedKingdom(UK)
-
Google Cloud Fraud Defence is just WEI repackaged
https://privatecaptcha.com/blog/google-cloud-fraud-defence-wei/
#HackerNews #GoogleCloud #FraudDefence #WEI #Repackaged #CloudSecurity #TechNews #Cybersecurity
-
Industrial Cybersecurity Becomes Business-Critical Priority
Q: How is Claroty pos…
#Conflict #Conflicts #War #AI #Automation #CISO #Claroty #CloudComputing #cloudsecurity #criticalinfrastructure #cyberattacks #Cybersecurity #Data #Dataprivacy #DefensiveAI #digitaltransformation #healthtechnology #industrialcybersecurity #Industry4.0 #IoMT #IoTSecurity #ItaloCalvano #Latinamerica #México #nearshoring #OTcybersecurity #Regulation&Policy #SmartCities #technology
https://www.europesays.com/2970322/ -
IPFire in the cloud? Yes.
It’s available as an AMI on AWS, giving you full control with none of the complexity of native cloud firewalls.
#CloudSecurity #OpenSource #AWS #Firewall https://www.ipfire.org/downloads/cloud -
Enterprises need flexibility, not lock-in.
IPFire offers an open-source firewall platform that works across environments — including AWS.
#CloudSecurity #Firewall #OpenSource #AWS https://www.ipfire.org/downloads/cloud -
A practical cybersecurity brief on reducing operational risk, strengthening controls, and improving executive decision-making.
Where would are cloud security bypassers stealing your data ever... break first in your environment?
CyberSecurity #CloudSecurity #InfoSec #Security
🎥 Watch Teaser: https://steelefortress.com/6ztxan
-
May the Vault be with you. ✨
For Star Wars Day, we’re celebrating all space guardians, pilots, droids, and teams who keep their data safe across the galaxy.
With Cryptomator Hub, teams can centrally manage access to encrypted vaults — so important files stay protected, whether you’re working from the office, remotely, or on an intergalactic mission.
Happy May the 4th! 🚀🔐
#StarWarsDay #MayThe4th #Cryptomator #CryptomatorHub #Encryption #DataSecurity #CloudSecurity
-
https://www.europesays.com/ie/467202/ Cloudflare warns of AI code review prompt injection #AIEthics&Governance #AISafety #AiSecurity #APISecurity #ApplicationSecurity #AppSec #ArtificialIntelligence(AI) #CloudSecurity #Cloudflare #Cybersecurity #DevSecOps #Éire #IE #Ireland #javascript #LargeLanguageModels(LLMs) #MachineLearning(ML) #RedTeaming #RiskManagement #SourceCode #SupplyChainSecurity #Technology #ThreatIntelligence #VirtualPrivateNetworks(VPNs)
-
Physical security has become an important aspect of protecting confidential computing workloads. Physical access is typically excluded from hardware vendors' CVM attack models, leaving physical and relay attacks largely unaddressed.
Flashbots and Intel have each been working independently on solutions to help bridge this physical-access gap: https://writings.flashbots.net/mind-the-gap-tee-poc -
Kubernetes moves fast.
Static security doesn’t.
Protect your ingress with real-time blocking + GitOps-friendly deployment 👇
https://crowdsec.net/blog/secure-kubernetes-ingress-with-crowdsec-and-traefik-devsecops-at-scale -
🚨 Most people think red teaming is about exploits.
It’s not.
The most effective attacks today don’t start with vulnerabilities —
they start with **trust**.
Modern environments are cloud-heavy, identity-driven, and full of SaaS integrations. In these systems, attackers don’t always need to “break in.”
They move quietly through:
• Over-permissioned identities
• Weak approval workflows
• Misconfigured cloud roles
• OAuth tokens and API access
• Human behavior under pressure
• Business processes no one questions
This is what I’ve been studying and calling the **Quiet Kill Chain** —
a sequence of legitimate-looking actions that, when chained together, become an attack path.
No loud exploits.
No obvious malware.
Just normal activity… used the wrong way.
## What changes at an advanced level?
You stop asking:
“What exploit should I use?”
And start asking:
• Where does this system trust too easily?
• Which action would look completely normal?
• What would defenders ignore?
• How can I blend into business operations?
Because the strongest intrusion today is not the one that is invisible.
It’s the one that looks **legitimate**.
## My takeaway
Offensive security is shifting from breaking systems
to understanding them deeply enough to move inside them unnoticed.
I’ve written a full deep-dive on this concept here 👇
Curious to hear your thoughts —
Is detection today ready for this level of subtlety?
#CyberSecurity #RedTeam #OffensiveSecurity #ThreatIntel #CloudSecurity #IdentitySecurity #EthicalHacking #BlackCipher
-
via #Microsoft : Microsoft Sovereign Private Cloud scales to thousands of nodes with Azure Local
https://ift.tt/4jIwXns
#AzureLocal #SovereignPrivateCloud #CloudSecurity #DataResidency #DataGovernance #EdgeComputing #AIinference #InfrastructureScaling #Dis(transaction)edOpera… -
82% of enterprises are running AI agents they don't know about.
That number came out of #RSAC Conference 2026 — and it wasn't the most alarming stat on the table.
Sean Martin sat back down with Itamar Apelblat, Co-Founder and CEO of Token Security, to unpack what he heard walking the show floor and what the CSA data now makes impossible to ignore: 65% of organizations have already had an AI agent-related incident in the last twelve months. 82% found agents in their environment that nobody authorized. Only 21% have any formal process to retire an agent when it's done.
Discovery alone is not governance. Intent-based enforcement is. That's where this conversation lands — and it's worth your time.
A huge thank you to the team at Token Security for joining Sean Martin and Marco Ciappelli on this journey — both on the floor at #RSAC2026 and in the recap. We loved sharing your story and we're looking forward to many more conversations ahead. 🙌
📍 Where are we headed next? Glad you asked: Infosecurity Europe and Black Hat USA — see you there.
🎙️ Recap: https://youtu.be/ZeI5bSbQ070
🎙️ On Location: https://youtu.be/uWjCQC3LnaY
🌐 RSAC Coverage: https://www.itspmagazine.com/rsac
🌐 Next Coverages: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage
#TokenSecurity #AIAgents #AgentSecurity #CyberSecurity #CISO #CloudSecurity #AIGovernance #IdentitySecurity #CSAReport #InfoSec #RSAC2026 #InfosecurityEurope #BlackHatUSA #CyberSecurityPodcast
-
«Tuta Drive: Encrypted cloud storage launches in closed beta»
Encryption in technology is not about secrecy but, among other things, about verifying the data. I have no idea how @Tutanota's encryption is implemented, but I'll assume the best, since they have by now also implemented post-quantum encryption in existing services.
#online #datenschutz #verschlusselung #cloud #cloudsecurity #cloudserver #web
-
Cloud Native Security: Exam Objective 704.1 of the LPI DevOps Tools Engineer v2.0 covers the key principles, risks, and mitigation strategies specific to cloud-native environments.
Explore the objective to sharpen your DevOps skills: https://lpi.org/unns
#cloudnativesecurity #LPI #devsecops #IAM #cloudsecurity #devops #cryptography #cloudnative -
The 16-31 March #Cyberattacks timeline is out, with 124 events and a #threat landscape dominated by #malware, but also characterized by an unusually high number of #supplychain attacks.
#Cybersecurity #Infosecurity #Cloudsecurity
https://www.hackmageddon.com/2026/04/14/16-31-march-2025-cyber-attacks-timeline/
-
Subdomain Takeover Vulnerabilities and Prevention
In this article, I cover:
* How subdomain takeover vulnerabilities occur
* Real-world exploitation scenarios
* Reconnaissance and detection techniques
* Practical prevention and DNS hygiene strategies
https://denizhalil.com/2026/02/16/subdomain-takeover-vulnerabilities-prevention/
#CyberSecurity #SubdomainTakeover #DNS #AttackSurface #BugBounty #RedTeam #BlueTeam #InfoSec #CloudSecurity #WebSecurity #EthicalHacking
-
A few months ago I was asked to comment on the new version of the C5 from @bsi.
https://thomasfricke.de/post/c5-comment-de/
The part about jurisdiction seems to have made it in. But not the drones? In the original, with a typo
https://www.heise.de/news/BSI-Kriterienkatalog-fuer-Cloud-Computing-C5-verlangt-mehr-11247015.html