#cloudsecurity โ Public Fediverse posts
Live and recent posts from across the Fediverse tagged #cloudsecurity, aggregated by home.social.
-
๐ฆ Entra Tenant Governance | Find Configuration Drift
New preview lets admins detect tenant configuration drift natively across Entra and related services. ๐น
Define JSON baselines as configuration as code and create scheduled monitors. Monitors run every six hours and produce run summaries and detailed drift objects with property level diffs. Govern external tenants via B2B signals and role based templates from a single admin center. ๐ก
๐ก Configuration as code baseline
๐ Six hour monitor interval
โ๏ธ Cross tenant governance via B2B signals -
๐ฆ Entra Tenant Governance | Find Configuration Drift
New preview lets admins detect tenant configuration drift natively across Entra and related services. ๐น
Define JSON baselines as configuration as code and create scheduled monitors. Monitors run every six hours and produce run summaries and detailed drift objects with property level diffs. Govern external tenants via B2B signals and role based templates from a single admin center. ๐ก
๐ก Configuration as code baseline
๐ Six hour monitor interval
โ๏ธ Cross tenant governance via B2B signals -
๐จ Attackers donโt break in anymore โ they log in.
Weak Entra roles, shadow admins & legacy access paths are the real targets.
๐ https://7asecurity.com/blog/2026/05/entra-roles-7asecurity-strategy/
-
New #CloudSecTidbits explores how misconfigured AWS ELBs can silently break security boundaries through rule shadowing, CloudFront/WAF bypasses, and alternate routing paths.
Weโre also releasing ELBaph โ a new read-only tool to map ELB routing graphs, detect exposed paths, and surface real-world attack chains across ALBs/NLBs.
https://blog.doyensec.com/2026/05/25/cloudsectidbits-elbaph-alb.html
#AppSec #Doyensec #AWS #CloudSecurity #AppSec #SecurityResearch
-
New #CloudSecTidbits explores how misconfigured AWS ELBs can silently break security boundaries through rule shadowing, CloudFront/WAF bypasses, and alternate routing paths.
Weโre also releasing ELBaph โ a new read-only tool to map ELB routing graphs, detect exposed paths, and surface real-world attack chains across ALBs/NLBs.
https://blog.doyensec.com/2026/05/25/cloudsectidbits-elbaph-alb.html
#AppSec #Doyensec #AWS #CloudSecurity #AppSec #SecurityResearch
-
๐ ๐ฅ๐๐๐๐๐ก๐ข๐๐ will be attending ๐๐ป๐ณ๐ผ๐๐ฒ๐ฐ๐๐ฟ๐ถ๐๐ ๐๐๐ฟ๐ผ๐ฝ๐ฒ ๐ฎ๐ฌ๐ฎ๐ฒ in London from June 2โ4!
As one of ๐๐ถ๐ณ๐ฐ๐ฑ๐ฆโ๐ด ๐ญ๐ฆ๐ข๐ฅ๐ช๐ฏ๐จ ๐ค๐บ๐ฃ๐ฆ๐ณ๐ด๐ฆ๐ค๐ถ๐ณ๐ช๐ต๐บ ๐ฆ๐ท๐ฆ๐ฏ๐ต๐ด, Infosecurity Europe brings together security professionals, innovators, and decision-makers to explore the future of cyber resilience, cloud security, AI-driven protection, Zero Trust, and more.
#InfosecurityEurope #CyberSecurity #CloudSecurity #ZeroTrust #ApplicationSecurity #ADC #LoadBalancing #CyberResilience #DevSecOps #AI
https://www.relianoid.com/about-us/events/infosecurity-europe-2026/
-
Crypto4A launches quantum-safe rival to AWS Secrets Manager
https://web.brid.gy/r/https://nerds.xyz/2026/05/canadian-quantum-safe-secrets-manager/
-
Crypto4A launches quantum-safe rival to AWS Secrets Manager
https://fed.brid.gy/r/https://nerds.xyz/2026/05/canadian-quantum-safe-secrets-manager/
-
Crypto4A launches quantum-safe rival to AWS Secrets Manager
https://web.brid.gy/r/https://nerds.xyz/2026/05/canadian-quantum-safe-secrets-manager/
-
Crypto4A launches quantum-safe rival to AWS Secrets Manager
https://fed.brid.gy/r/https://nerds.xyz/2026/05/canadian-quantum-safe-secrets-manager/
-
Crypto4A launches quantum-safe rival to AWS Secrets Manager
https://web.brid.gy/r/https://nerds.xyz/2026/05/canadian-quantum-safe-secrets-manager/
-
๐จ Lambda Watchdog CVE Report ๐จ
Latest AWS Lambda image scan detected 26 CVEs across 26 images:
โข ๐ด Critical: 3
โข ๐ High: 11
โข ๐ก Medium: 11
โข ๐ต Low: 1
Check the full report ๐ https://lambdawatchdog.com/
#AWS #Lambda #CVE #CloudSecurity #Serverless -
๐จ Lambda Watchdog CVE Report ๐จ
Latest AWS Lambda image scan detected 26 CVEs across 26 images:
โข ๐ด Critical: 3
โข ๐ High: 11
โข ๐ก Medium: 11
โข ๐ต Low: 1
Check the full report ๐ https://lambdawatchdog.com/
#AWS #Lambda #CVE #CloudSecurity #Serverless -
๐จ Lambda Watchdog CVE Report ๐จ
Latest AWS Lambda image scan detected 26 CVEs across 26 images:
โข ๐ด Critical: 3
โข ๐ High: 11
โข ๐ก Medium: 11
โข ๐ต Low: 1
Check the full report ๐ https://lambdawatchdog.com/
#AWS #Lambda #CVE #CloudSecurity #Serverless -
๐จ Lambda Watchdog CVE Report ๐จ
Latest AWS Lambda image scan detected 26 CVEs across 26 images:
โข ๐ด Critical: 3
โข ๐ High: 11
โข ๐ก Medium: 11
โข ๐ต Low: 1
Check the full report ๐ https://lambdawatchdog.com/
#AWS #Lambda #CVE #CloudSecurity #Serverless -
๐จ Lambda Watchdog CVE Report ๐จ
Latest AWS Lambda image scan detected 26 CVEs across 26 images:
โข ๐ด Critical: 3
โข ๐ High: 11
โข ๐ก Medium: 11
โข ๐ต Low: 1
Check the full report ๐ https://lambdawatchdog.com/
#AWS #Lambda #CVE #CloudSecurity #Serverless -
$148,337 #BugBounty paid by Google to a researcher (@brutecat) who found debug endpoints on Google Cloud allowing to configure privileged workflows leading to full #RCE in Google Cloud production (CVE-2026-2031)
#CloudSecurity #BugBountyTips
๐
https://brutecat.com/articles/google-cloud-rce/ -
$148,337 #BugBounty paid by Google to a researcher (@brutecat) who found debug endpoints on Google Cloud allowing to configure privileged workflows leading to full #RCE in Google Cloud production (CVE-2026-2031)
#CloudSecurity #BugBountyTips
๐
https://brutecat.com/articles/google-cloud-rce/ -
$148,337 #BugBounty paid by Google to a researcher (@brutecat) who found debug endpoints on Google Cloud allowing to configure privileged workflows leading to full #RCE in Google Cloud production (CVE-2026-2031)
#CloudSecurity #BugBountyTips
๐
https://brutecat.com/articles/google-cloud-rce/ -
$148,337 #BugBounty paid by Google to a researcher (@brutecat) who found debug endpoints on Google Cloud allowing to configure privileged workflows leading to full #RCE in Google Cloud production (CVE-2026-2031)
#CloudSecurity #BugBountyTips
๐
https://brutecat.com/articles/google-cloud-rce/ -
$148,337 #BugBounty paid by Google to a researcher (@brutecat) who found debug endpoints on Google Cloud allowing to configure privileged workflows leading to full #RCE in Google Cloud production (CVE-2026-2031)
#CloudSecurity #BugBountyTips
๐
https://brutecat.com/articles/google-cloud-rce/ -
Shashwat Sehgal, CEO & Co-Founder of P0 Security, warns that AI agents are recreating the same access problems that broke early cloud security.
๐ Broad standing permissions are returning
๐ Visibility alone does not reduce blast radius
๐ Runtime governance matters more than authenticationโThe organizations that avoid repeating the cloud security cycle will be the ones that treat agents as a new class of privileged non-human identity from day one.โ
#Cybersecurity #AISecurity #IdentitySecurity #CloudSecurity #AIAgents
-
Shashwat Sehgal, CEO & Co-Founder of P0 Security, warns that AI agents are recreating the same access problems that broke early cloud security.
๐ Broad standing permissions are returning
๐ Visibility alone does not reduce blast radius
๐ Runtime governance matters more than authenticationโThe organizations that avoid repeating the cloud security cycle will be the ones that treat agents as a new class of privileged non-human identity from day one.โ
#Cybersecurity #AISecurity #IdentitySecurity #CloudSecurity #AIAgents
-
Shashwat Sehgal, CEO & Co-Founder of P0 Security, warns that AI agents are recreating the same access problems that broke early cloud security.
๐ Broad standing permissions are returning
๐ Visibility alone does not reduce blast radius
๐ Runtime governance matters more than authenticationโThe organizations that avoid repeating the cloud security cycle will be the ones that treat agents as a new class of privileged non-human identity from day one.โ
#Cybersecurity #AISecurity #IdentitySecurity #CloudSecurity #AIAgents
-
Shashwat Sehgal, CEO & Co-Founder of P0 Security, warns that AI agents are recreating the same access problems that broke early cloud security.
๐ Broad standing permissions are returning
๐ Visibility alone does not reduce blast radius
๐ Runtime governance matters more than authenticationโThe organizations that avoid repeating the cloud security cycle will be the ones that treat agents as a new class of privileged non-human identity from day one.โ
#Cybersecurity #AISecurity #IdentitySecurity #CloudSecurity #AIAgents
-
Shashwat Sehgal, CEO & Co-Founder of P0 Security, warns that AI agents are recreating the same access problems that broke early cloud security.
๐ Broad standing permissions are returning
๐ Visibility alone does not reduce blast radius
๐ Runtime governance matters more than authenticationโThe organizations that avoid repeating the cloud security cycle will be the ones that treat agents as a new class of privileged non-human identity from day one.โ
#Cybersecurity #AISecurity #IdentitySecurity #CloudSecurity #AIAgents
-
๐จ Lambda Watchdog CVE Report ๐จ
Latest AWS Lambda image scan detected 26 CVEs across 26 images:
โข ๐ด Critical: 3
โข ๐ High: 11
โข ๐ก Medium: 11
โข ๐ต Low: 1
Check the full report ๐ https://lambdawatchdog.com/
#AWS #Lambda #CVE #CloudSecurity #Serverless -
๐จ Lambda Watchdog CVE Report ๐จ
Latest AWS Lambda image scan detected 26 CVEs across 26 images:
โข ๐ด Critical: 3
โข ๐ High: 11
โข ๐ก Medium: 11
โข ๐ต Low: 1
Check the full report ๐ https://lambdawatchdog.com/
#AWS #Lambda #CVE #CloudSecurity #Serverless -
CISA exposed plaintext passwords, cloud keys, and access tokens in a public GitHub repository tied to a government contractor account. ๐
A researcher confirmed some credentials were valid, raising concerns over federal cloud security and contractor oversight at the US cyber agency. โ๏ธ#TechNews #CISA #Cybersecurity #GitHub #CloudSecurity #Passwords #Infosec #Privacy #Security #DataBreach #OpenSource #GovTech #Cloud #USA #US #Tech #Government #Federal
-
CISA exposed plaintext passwords, cloud keys, and access tokens in a public GitHub repository tied to a government contractor account. ๐
A researcher confirmed some credentials were valid, raising concerns over federal cloud security and contractor oversight at the US cyber agency. โ๏ธ#TechNews #CISA #Cybersecurity #GitHub #CloudSecurity #Passwords #Infosec #Privacy #Security #DataBreach #OpenSource #GovTech #Cloud #USA #US #Tech #Government #Federal
-
CISA exposed plaintext passwords, cloud keys, and access tokens in a public GitHub repository tied to a government contractor account. ๐
A researcher confirmed some credentials were valid, raising concerns over federal cloud security and contractor oversight at the US cyber agency. โ๏ธ#TechNews #CISA #Cybersecurity #GitHub #CloudSecurity #Passwords #Infosec #Privacy #Security #DataBreach #OpenSource #GovTech #Cloud #USA #US #Tech #Government #Federal
-
CISA exposed plaintext passwords, cloud keys, and access tokens in a public GitHub repository tied to a government contractor account. ๐
A researcher confirmed some credentials were valid, raising concerns over federal cloud security and contractor oversight at the US cyber agency. โ๏ธ#TechNews #CISA #Cybersecurity #GitHub #CloudSecurity #Passwords #Infosec #Privacy #Security #DataBreach #OpenSource #GovTech #Cloud #USA #US #Tech #Government #Federal
-
CISA exposed plaintext passwords, cloud keys, and access tokens in a public GitHub repository tied to a government contractor account. ๐
A researcher confirmed some credentials were valid, raising concerns over federal cloud security and contractor oversight at the US cyber agency. โ๏ธ#TechNews #CISA #Cybersecurity #GitHub #CloudSecurity #Passwords #Infosec #Privacy #Security #DataBreach #OpenSource #GovTech #Cloud #USA #US #Tech #Government #Federal
-
Cybercrime โIndustrializationโ Keep Growing in Latin America
Fraud, ransomware, and AI-driven attacks have become part of increasingly coordinated and scalable criminalโฆ
#Conflict #Conflicts #War #AISecurity #Appgate #CISO #cloudsecurity #Cloudflare #ConnectivityCloud #criticalinfrastructure #cyberattacks #Cybersecurity #Dataprivacy #DefensiveAI #Fraudprevention #Kaspersky #Latinamerica #Mรฉxico #NuevoLeรณn #ransomware #Regulation&Policy #SMESecurity #zerotrust
https://www.europesays.com/3010689/ -
Der Vorfall sorgt nicht nur wegen des politischen Hintergrunds fรผr Aufmerksamkeit, sondern zeigt erneut die wachsenden Risiken moderner Cybersecurity- und Datenschutzprobleme im Bereich Cloud-Infrastruktur und Third-Party-Risk-Management. ๐
#trumpmobile #datenleck #cybersecurity #datenschutz #databreach #itsicherheit #cyberangriff #cloudsecurity #security #datenpanne #cloud #privacy #infosec #kundendaten #mobilfunk #trump
-
Der Vorfall sorgt nicht nur wegen des politischen Hintergrunds fรผr Aufmerksamkeit, sondern zeigt erneut die wachsenden Risiken moderner Cybersecurity- und Datenschutzprobleme im Bereich Cloud-Infrastruktur und Third-Party-Risk-Management. ๐
#trumpmobile #datenleck #cybersecurity #datenschutz #databreach #itsicherheit #cyberangriff #cloudsecurity #security #datenpanne #cloud #privacy #infosec #kundendaten #mobilfunk #trump
-
Der Vorfall sorgt nicht nur wegen des politischen Hintergrunds fรผr Aufmerksamkeit, sondern zeigt erneut die wachsenden Risiken moderner Cybersecurity- und Datenschutzprobleme im Bereich Cloud-Infrastruktur und Third-Party-Risk-Management. ๐
#trumpmobile #datenleck #cybersecurity #datenschutz #databreach #itsicherheit #cyberangriff #cloudsecurity #security #datenpanne #cloud #privacy #infosec #kundendaten #mobilfunk #trump
-
Der Vorfall sorgt nicht nur wegen des politischen Hintergrunds fรผr Aufmerksamkeit, sondern zeigt erneut die wachsenden Risiken moderner Cybersecurity- und Datenschutzprobleme im Bereich Cloud-Infrastruktur und Third-Party-Risk-Management. ๐
#trumpmobile #datenleck #cybersecurity #datenschutz #databreach #itsicherheit #cyberangriff #cloudsecurity #security #datenpanne #cloud #privacy #infosec #kundendaten #mobilfunk #trump
-
Der Vorfall sorgt nicht nur wegen des politischen Hintergrunds fรผr Aufmerksamkeit, sondern zeigt erneut die wachsenden Risiken moderner Cybersecurity- und Datenschutzprobleme im Bereich Cloud-Infrastruktur und Third-Party-Risk-Management. ๐
#trumpmobile #datenleck #cybersecurity #datenschutz #databreach #itsicherheit #cyberangriff #cloudsecurity #security #datenpanne #cloud #privacy #infosec #kundendaten #mobilfunk #trump
-
๐ฐ Nation-State Actors Weaponize Open-Source ROADtools for Azure Cloud Attacks, Bypassing MFA and Persisting in Networks
๐จ Cloud Attack Alert: Nation-states are weaponizing the open-source ROADtools framework to attack Azure environments. Unit 42 breaks down how they achieve persistence & bypass MFA. #ROADtools #Azure #CloudSecurity #EntraID
๐ cyber[.]netsecops[.]io
-
I'm now GNA 119 under CIRCL's GCVE system โ a decentralized vulnerability
identification authority. I have authority to mint vulnerability
identifiers for cloud findings, including ones where vendor CNAs decline
to issue CVEs.I could start assigning IDs to my own research today. I won't.
Cloud vulnerability validation shouldn't be one person's judgment. Mine
or anyone else's.I'm forming a consensus panel of practitioners for each major cloud
platform โ AWS, GCP, Azure, and managed services. GCVE-119 allocations
will go through panel review, not solo decisions.Charter, scope, and membership criteria coming. Community input on
structure welcome before anything is finalized.Background on GCVE and the cloud finding gap:
https://olearysec.com/gcve/ -
I'm now GNA 119 under CIRCL's GCVE system โ a decentralized vulnerability
identification authority. I have authority to mint vulnerability
identifiers for cloud findings, including ones where vendor CNAs decline
to issue CVEs.I could start assigning IDs to my own research today. I won't.
Cloud vulnerability validation shouldn't be one person's judgment. Mine
or anyone else's.I'm forming a consensus panel of practitioners for each major cloud
platform โ AWS, GCP, Azure, and managed services. GCVE-119 allocations
will go through panel review, not solo decisions.Charter, scope, and membership criteria coming. Community input on
structure welcome before anything is finalized.Background on GCVE and the cloud finding gap:
https://olearysec.com/gcve/ -
Researchers say deleted Google API keys may stay active for up to 23 minutes due to cloud propagation delays.
The issue could reportedly allow continued access to Gemini uploads, APIs, and cloud resources after key deletion.
-
Researchers say deleted Google API keys may stay active for up to 23 minutes due to cloud propagation delays.
The issue could reportedly allow continued access to Gemini uploads, APIs, and cloud resources after key deletion.
-
Researchers say deleted Google API keys may stay active for up to 23 minutes due to cloud propagation delays.
The issue could reportedly allow continued access to Gemini uploads, APIs, and cloud resources after key deletion.
-
Researchers say deleted Google API keys may stay active for up to 23 minutes due to cloud propagation delays.
The issue could reportedly allow continued access to Gemini uploads, APIs, and cloud resources after key deletion.
-
๐จ Lambda Watchdog CVE Report ๐จ
Latest AWS Lambda image scan detected 43 CVEs across 26 images:
โข ๐ด Critical: 3
โข ๐ High: 15
โข ๐ก Medium: 23
โข ๐ต Low: 2
Check the full report ๐ https://lambdawatchdog.com/
#AWS #Lambda #CVE #CloudSecurity #Serverless -
๐จ Lambda Watchdog CVE Report ๐จ
Latest AWS Lambda image scan detected 43 CVEs across 26 images:
โข ๐ด Critical: 3
โข ๐ High: 15
โข ๐ก Medium: 23
โข ๐ต Low: 2
Check the full report ๐ https://lambdawatchdog.com/
#AWS #Lambda #CVE #CloudSecurity #Serverless -
๐จ Lambda Watchdog CVE Report ๐จ
Latest AWS Lambda image scan detected 43 CVEs across 26 images:
โข ๐ด Critical: 3
โข ๐ High: 15
โข ๐ก Medium: 23
โข ๐ต Low: 2
Check the full report ๐ https://lambdawatchdog.com/
#AWS #Lambda #CVE #CloudSecurity #Serverless -
Google API Keys Remain Usable for 23 Minutes After Deletion
Deleting a Google API key doesn't mean it's immediately useless to hackers - in fact, our experiments show it can remain active for up to 23 minutes, allowing attackers to continue misusing it even after you've tried to revoke access.
#CloudSecurity #ApiKeyManagement #CredentialMisuse #EmergingThreats #GoogleApiKeys