Cloud Security

New Fluent Bit Vulnerabilities Expose Cloud Systems to RCE and Stealthy Infrastructure Intrusions

Cybersecurity analysts have identified five significant vulnerabilities in Fluent Bit, a widely used open source telemetry agent. These flaws can be combined to compromise cloud environments and potentially give attackers full control over infrastructure. Oligo Security shared the findings, noting that the weaknesses allow authentication bypass, path traversal, remote code execution, service disruption, and tag […]

New Fluent Bit Vulnerabilities Expose Cloud Systems to RCE and Stealthy Infrastructure Intrusions Read More »

China Linked APT31 Conducts Stealthy Cyberattacks on Russian IT via Cloud Services

A long running cyber espionage operation linked to the China based advanced persistent threat group APT31 has quietly infiltrated multiple Russian information technology companies between 2024 and 2025. According to researchers Daniil Grigoryan and Varvara Koloskova from Positive Technologies, the attackers focused on contractors and integrators that provide services to Russian government agencies, remaining unnoticed

China Linked APT31 Conducts Stealthy Cyberattacks on Russian IT via Cloud Services Read More »

Cloudflare Experiences Outage Impacting Its Global Network Services

Cloudflare, a major internet infrastructure provider, is currently experiencing a global outage affecting its network services. Users have reported encountering “internal server error” messages while accessing websites and online platforms connected to Cloudflare. The company is actively investigating the situation and working to restore normal operations. Scope of Cloudflare’s Global Network Cloudflare operates a distributed

Cloudflare Experiences Outage Impacting Its Global Network Services Read More »

Jingle Thief Gang Exploits Cloud Infrastructure to Steal Millions in Gift Cards

Cybersecurity researchers have exposed a cybercriminal group, known as Jingle Thief, that targets cloud systems used by retailers and consumer service companies, to carry out large scale gift card fraud. The group focuses on stealing credentials through phishing and smishing, then uses those credentials to access cloud-based gift card issuance workflows, issue high value cards,

Jingle Thief Gang Exploits Cloud Infrastructure to Steal Millions in Gift Cards Read More »

Azure Apps Vulnerability Allows Attackers to Create Malicious Apps That Impersonate Microsoft Teams

Security researchers have discovered vulnerabilities in Microsoft’s Azure ecosystem that allow attackers to create fraudulent applications that look like official services, including Microsoft Teams and the Azure Portal. Unicode Trick Bypasses Safeguards Varonis identified that Azure’s protection mechanisms, which prevent reserved names in cross-tenant apps, can be circumvented by inserting invisible Unicode characters. Attackers used

Azure Apps Vulnerability Allows Attackers to Create Malicious Apps That Impersonate Microsoft Teams Read More »

Canva Faces Global Outage, Millions of Users Unable to Access the Platform

Canva, one of the world’s leading graphic design platforms, is facing a major global outage that has disrupted access for millions of users. The platform’s status page confirms “significantly increased error rates” affecting almost every feature. As of 19:16 AEDT (02:46 IST), Canva remains largely unavailable with no confirmed timeline for full recovery. Widespread Impact

Canva Faces Global Outage, Millions of Users Unable to Access the Platform Read More »

Hackers Breach SonicWall Cloud Firewall Backups, Prompting Urgent Security Reviews

SonicWall revealed on Wednesday that an unauthorized party gained access to firewall configuration backup files of customers using its cloud backup service. The compromised files contain encrypted credentials and configuration data. While the encryption remains active, possession of these files may increase the risk of targeted attacks The company is actively notifying all affected partners

Hackers Breach SonicWall Cloud Firewall Backups, Prompting Urgent Security Reviews Read More »

Crimson Collective Uses AWS Services to Exfiltrate Sensitive Data

A newly surfaced threat actor, calling itself Crimson Collective, has been observed targeting Amazon Web Services, AWS, environments to steal valuable data and pressure organizations with extortion. Recent claims by the group allege they breached Red Hat, taking private repositories from Red Hat’s GitLab instance. This activity signals a worrying shift toward cloud-centric attacks, and

Crimson Collective Uses AWS Services to Exfiltrate Sensitive Data Read More »

Microsoft 365 Outage Blocks Access to Admin Center, Core Services, and Entra ID

A significant service outage has disrupted Microsoft 365, preventing users from accessing key services, including the Admin Center and applications that depend on Microsoft Entra ID for authentication. The issue began on Thursday, October 9, 2025, and is impacting organizations worldwide. Widespread Service Disruption The outage has affected users attempting to log in to the Microsoft 365

Microsoft 365 Outage Blocks Access to Admin Center, Core Services, and Entra ID Read More »

China-Linked Hackers Exploit New VMware Zero-Day Active Since October 2024

A critical security flaw in Broadcom VMware Tools and VMware Aria Operations has been actively exploited since October 2024. According to cybersecurity researchers at NVISO Labs, the attacks are linked to a China-based hacking group tracked as UNC5174 (also known as Uteus or Uetus). The bug, identified as CVE-2025-41244 with a CVSS score of 7.8,

China-Linked Hackers Exploit New VMware Zero-Day Active Since October 2024 Read More »