Cloud Security

New Advanced VoidLink Malware Targets Linux Cloud and Container Environments

Cybersecurity researchers have revealed a previously unknown and highly sophisticated Linux malware framework known as VoidLink, which is purpose built to maintain long term, covert access to cloud based infrastructures. The malware specifically targets Linux systems that form the backbone of modern cloud services and containerized environments. According to a recent analysis published by Check Point […]

New Advanced VoidLink Malware Targets Linux Cloud and Container Environments Read More »

n8n Supply Chain Attack Exploits Community Nodes to Hijack OAuth Tokens

Security researchers have uncovered a supply chain attack targeting the n8n workflow automation ecosystem, where malicious actors abused community published npm packages to steal OAuth credentials from developers. According to findings published by Endor Labs last week, attackers uploaded eight deceptive npm packages that appeared to function as legitimate n8n integration nodes. These packages were

n8n Supply Chain Attack Exploits Community Nodes to Hijack OAuth Tokens Read More »

China-Linked Hackers Exploit VMware ESXi Zero-Day Flaws to Escape Virtual Machines

Chinese-speaking threat actors are believed to have abused a compromised SonicWall VPN appliance to gain initial access and deploy a sophisticated VMware ESXi virtual machine escape exploit. According to cybersecurity firm Huntress, the exploit may have been under development as early as February 2024. Huntress detected the malicious activity in December 2025 and successfully disrupted

China-Linked Hackers Exploit VMware ESXi Zero-Day Flaws to Escape Virtual Machines Read More »

Coolify Reveals 11 Critical Vulnerabilities Allowing Full Server Compromise on Self-Hosted Instances

Security researchers have disclosed 11 high-impact security vulnerabilities affecting Coolify, an open-source self-hosting and application deployment platform. The flaws could allow attackers to bypass authentication controls and execute arbitrary commands, potentially resulting in complete server and infrastructure compromise on self-hosted instances. Overview of the Disclosed Vulnerabilities The identified issues primarily stem from command injection, improper

Coolify Reveals 11 Critical Vulnerabilities Allowing Full Server Compromise on Self-Hosted Instances Read More »

Cybercriminals Exploit Google Cloud Email Feature in Multi-Stage Phishing Campaign

Cybersecurity experts have uncovered a large-scale phishing operation in which threat actors abused a legitimate Google Cloud feature to send deceptive emails that appeared to originate directly from Google infrastructure. According to findings shared by Check Point, attackers misused Google Cloud’s Application Integration service, specifically its built-in email notification capability, to distribute phishing messages from a genuine

Cybercriminals Exploit Google Cloud Email Feature in Multi-Stage Phishing Campaign Read More »

Compromised IAM Credentials Fuel Large AWS Crypto Mining Campaign

A large scale cryptocurrency mining campaign has been detected targeting cloud environments by abusing compromised Identity and Access Management credentials within Amazon Web Services. The operation leverages stolen IAM permissions to rapidly deploy crypto mining infrastructure across multiple AWS services. The activity was first identified on November 2, 2025, through automated threat detection systems operated

Compromised IAM Credentials Fuel Large AWS Crypto Mining Campaign Read More »

Amazon Exposes Years Long GRU Cyber Campaign Targeting Energy and Cloud Infrastructure

Amazon has released new threat intelligence findings detailing a years long cyber campaign linked to a Russian state sponsored actor that targeted Western critical infrastructure between 2021 and 2025. The activity primarily affected energy sector organizations, critical infrastructure providers in North America and Europe, and companies operating cloud hosted network environments. According to Amazon, the

Amazon Exposes Years Long GRU Cyber Campaign Targeting Energy and Cloud Infrastructure Read More »

Zero Click Agentic Browser Attack Can Wipe Entire Google Drive Through Crafted Emails

A new agent based browser attack has been discovered in Perplexity’s Comet browser, and researchers from Straiker STAR Labs warn that it can turn a harmless looking email into a destructive command that erases all files stored in a user’s Google Drive account. The method is known as the Zero Click Google Drive Wiper technique.

Zero Click Agentic Browser Attack Can Wipe Entire Google Drive Through Crafted Emails Read More »

Microsoft to block unauthorized scripts in Entra ID logins with 2026 CSP update

Microsoft has announced a major update to strengthen the security of Entra ID authentication. Starting in October 2026, the company will block unauthorized script injection attacks through a revised Content Security Policy (CSP) for its login platform. Enhanced Security for Entra ID Sign-Ins The CSP update will focus on the sign-in experience at login.microsoftonline[.]com, allowing

Microsoft to block unauthorized scripts in Entra ID logins with 2026 CSP update Read More »

Gainsight adds more affected customers after Salesforce security alert

Gainsight has confirmed that the recent suspicious activity involving its applications has affected more users than initially reported. The update follows a security alert issued by Salesforce regarding abnormal behavior linked to Gainsight published apps. More Customers Affected Than First Reported Salesforce originally identified three customers as impacted, but according to Gainsight, the list grew

Gainsight adds more affected customers after Salesforce security alert Read More »