In-depth coverage of the latest Cloud Security developments, trends, and analysis — curated daily.
The digital fortress designed to contain AI agents just sprang a leak. Researchers have found a way to sneak data out of AWS Bedrock AgentCore's supposedly isolated sandbox.
A sophisticated malvertising campaign is turning trusted platforms into vectors for Mac malware. Google Ads and Anthropic's Claude.ai are being abused, demonstrating a new frontier in attack sophistication.
Forget spoofed domains and compromised accounts. The new frontier of phishing is here, weaponizing trusted SaaS platforms like Microsoft Dynamics for massive, undetectable attacks.
Millions of Android users thought they were getting access to call histories, but instead, they found themselves victims of a sophisticated scam on the Google Play Store. These apps, collectively known as CallPhantom, delivered nothing but fake data and hefty charges.
Phishers are having a field day with Amazon's Simple Email Service. Exposed AWS keys mean they can blast out convincing scams, and your inbox is the target.
Forget the usual malware scares. A new phishing campaign is weaponizing legitimate Remote Monitoring and Management (RMM) tools, leaving over 80 organizations exposed.
Forget slow-burn exploits. A critical vulnerability in LiteLLM's AI gateway was actively weaponized just 36 hours after its disclosure, proving attackers aren't waiting around for official patches.
Forget 'logs don't lie.' A new attack method makes Entra ID 'success' events look legitimate, even if no actual data access occurs. Your SIEM might be shouting 'all clear' while attackers are just messing with the sensors.
Forget passwords. The latest Azure attack, ConsentFix v3, hijacks accounts through automated OAuth abuse, a chilling escalation for cloud security.
How to design and implement network segmentation strategies that limit lateral movement, contain breaches, and reduce enterprise attack surface.
Microsoft's Sentinel UEBA is extending its reach into AWS, promising a more streamlined approach to cloud security. But does this new feature stack up to the hype?
The quest for faster web experiences has led us to equate more server locations with better security. But for application and API protection, that simple math just doesn't add up.